SSO/SCIM
      Back to home
      1. Help Center
      2. Integration
      3. SSO/SCIM

      User Account Provisioning & Deprovisioning with SCIM

      User Account Provisioning & Deprovisioning with SCIM

      Talkative Engage supports provisioning and de-provisioning accounts with SCIM when authorising via Role based permissions. If you are following this guide, we will assume that at this point, you have already set up an SSO integration into Talkative Engage with the roles being correctly mapped. If you have not, please complete this step first using this guide: SSO Configuration Management


      Setup for this is simple and should take no longer than 10 minutes. You will need an API token to perform this, and the API tokens last for a period of 12 months before needing to be renewed. This setup can only be performed by someone with a permission of account holder.


      To generate an API token, navigate to your Talkative Engage account, and loads the API Tokens page from within the Settings menu. Here you can generate a new token for your SCIM Endpoint. Create an access token by providing a name. The name is for internal use and identification purposes only.


      Your token will be shown to you only once, so please copy this token to a safe place until it's needed.


      Load your Azure Portal and navigate to the Enterprise Application you created when you set up your SSO integration into Talkative Engage.



      From this page, navigate to the provisioning page, located under the Manage menu.


      At this point, you should be greeted with a page similar to this one:




      Click on the get started button. This will take you to the first page in the configuration, which will allow you to change the provisioning mode from "manual" to "automatic". Changing this mode to automatic will show some additional forms options which must be completed.


      The new form options that are available are the Tenant URL and the Secret Token. The tenant URL will be: https://{yourregion}.engage.app/api/scim/v1/ and the client secret is the API token you previously generated. You will need to replace {yourregion} with the app region your account is located in.


      Once completed, click the "Save" button.


      Our SCIM end-point only handles Users, and not groups, so in the next section you can disable the Group provisioning. You may have to disable this after the attribute mapping section is complete.


      You will now need to add a mapping to pass the user role back to Talkative Engage. You can do this by entering the following settings:



      The expression you require is: SingleAppRoleAssignment([appRoleAssignments])


      Once completed, you can click Save and you will be redirected to the provisioning page. From here, you can click to "Start Provisioning".



      You may wish to use the Provision on demand to test the provisioning works correctly.