Team: Huntress Managed Security Awareness Training (SAT)
Product: Microsoft Entra - SCIM Integration
Summary: This article covers how to configure System for Cross-domain Identity Management (SCIM) for your Huntress Security Awareness Training (SAT) instance within the Microsoft Entra admin console. This integration supports GCC High tenants.
In Huntress SAT
- Access your SAT platform as an admin user.
- Go to Settings > Integrations > SCIM.
- Create a SCIM Token by clicking + Connect a group and choosing the desired SAT target group.
  - All new learners will be added to this group.
  - Any existing users will be associated with your Identity Provider (IDP) via SCIM but will remain in their currently assigned group.
- If you want to have multiple SAT groups with SCIM sync, you will need multiple connections on the SAT side and multiple apps in the IDP.
  - Note: If you go this route, ensure you don't have learners in both apps, as their user data may be overridden.
In Microsoft Entra
- Access the Microsoft Entra Admin Center: https://entra.microsoft.com/#home
- Go to Enterprise Applications.
- Click New Application.
- Click Create your own application.
- Provide an application name and select the Non-gallery radio button.
- Go to Manage > Provisioning.
- Click Connect your application.
- Enter the following:
  - Tenant URL: https://mycurricula.com/api/learner-scim/v2
  - Secret token: <<paste your token generated in the SAT platform>>
- Click Test connection to verify the credentials are working.
- Click Create to create the Provisioning configuration.
- Go to Manage > Provisioning.
- Under Mappings, disable syncing for Groups.
- Edit the User Mappings to only include supported attributes below. Adding additional attributes may cause unexpected behavior.
  - SCIM User Schema
    - userName (must be the user’s email address)
    - active
    - name.givenName
    - name.familyName
    - locale
    - preferredLanguage
    - timezone
  - Enterprise User Schema
    - department
    - employeeNumber
    - manager.value (either the email address or ID of the manager)
- Under Settings, adjust the Scope field if desired.
  - If Sync only assigned users and groups is selected, add the users and/or groups you intend to sync to the application under Users and groups.
- If desired, use the Provision on demand option to test the sync for a given user.
- When ready to enable syncing for the application, click Start provisioning under Overview.
  - Note: Provisioning doesn't start right away and will apply during the next scheduled run.