1. Features

The following provisioning features are supported when using provisioning from Azure to Peakon:

  • Create Users: New or existing users in Azure will be pushed to Peakon as new employees.
  • Update User Attributes: Updates to user profiles in Azure will be pushed to Peakon.
  • Deactivate Users: Users deactivated in Azure will be automatically disabled in Peakon, and will not be included in any engagement surveys beyond the point of deactivation. If reactivated, users will again start receiving scheduled engagement surveys.

Once connected, Azure AD runs a synchronisation process every 40 minutes in which it queries Peakon’s SCIM endpoint for assigned users and groups, and creates or modifies them according to the assignment details.

The following Azure AD attributes will be synchronised to Peakon:

  • Email
  • First name
  • Last name
  • Employee number
  • Manager

In addition, custom attributes can be added to Azure to sync information like department, manager, date of birth and more to Peakon. See the Mapping Attributes section of this article for more details.

2. Prerequisites

As an administrator of Peakon, you will need to enable the Employee Provisioning integration before enabling provisioning in Azure AD.

You can do this by following these steps:

  1. Log into your Peakon account at https://app.peakon.com.
  2. Click on Administration > Integrations in the bottom left menu.
  3. Select the Employee Provisioning integration from the list of integrations.
  4. Click the yellow Enable option and you will be taken to the integration's settings page.

Provisioning is now enabled for your company, and you can proceed to configure it within Azure. 

3. Configuration steps

You are now ready to configure Azure to provision users to Peakon:

1. Navigate to Azure Active Directory using the menu bar on the left.

2. Navigate to Enterprise Applications. If you have already configured Peakon for Single Sign-On, then you should have Peakon listed. If not, please create a New Application using the menu at the top:

Use the App Gallery to browse for Peakon.

3. Once the App is created, navigate to Provisioning.

 

4. Select Automatic as the Provisioning Mode.

5. You will now need to add the SCIM URL from Peakon as the Tenant URL. This should be https://api.peakon.com/scim/v2 

6. Now, copy the OAuth Bearer Token from the Peakon settings page (from the Prerequisites step) and paste it in as the Secret Token. Click on Test Connection to validate the connection.

7. Optionally, add an email address to receive notifications if an error occurs.

4. Mapping Attributes

Under the Mappings section, select Synchronize Azure Active Directory Users to Peakon. This will open the Attribute Mappings configuration window. Make sure Create, Update and Delete are checked.

The default mappings will be shown.

You can add additional mappings by clicking on Show Advanced Options > Edit attribute list.

5. Adding Custom Attributes

Adding attributes such as Employee Number, Manager and Department requires the use of the SCIM enterprise attribute extension.

As an example, Department would be:

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:Department

To add custom attributes that exist in Peakon, make sure you use the Peakon extension.

As an example, Job Title would be: 

urn:ietf:params:scim:schemas:extension:peakon:2.0:User:Job Title

Once you have added the correct extension and attribute name, choose the Data Type (e.g. string, integer, boolean, datetime).

You then need to map this to the matching field in Azure Active Directory. To add the mapping, click on Add Mapping.

The source attribute is from Azure and target is the attribute in Peakon. 

Once the attributes are mapped, scroll down and set the provisioning status to On. Click Save to complete the configuration.
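
How the target attribute names above end up in a SCIM user record, shown as an added example (not Peakon's or Microsoft's code): everything before the final colon is the extension schema URN, and the part after it is the attribute stored under that URN, following the SCIM 2.0 representation in RFC 7643. The helper names and sample values are hypothetical, and whether Peakon accepts exactly this payload is an assumption.

```python
import json

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
PEAKON = "urn:ietf:params:scim:schemas:extension:peakon:2.0:User"  # URN from this article


def split_target(path):
    """Split a mapping target into (extension schema URN or None, attribute name)."""
    if not path.lower().startswith("urn:"):
        return None, path  # core attribute such as userName or name.givenName
    schema, _, attr = path.rpartition(":")
    # Both extensions used here end in ":User"; anything else means the
    # attribute name after the final colon is missing or the URN is mistyped.
    if not schema.endswith(":User") or not attr.strip():
        raise ValueError(f"not a <schema URN>:<attribute> target: {path!r}")
    return schema, attr


def build_user(mapped):
    """Build a SCIM 2.0 User resource from {target attribute: value} pairs."""
    user = {"schemas": [CORE_USER]}
    for path, value in mapped.items():
        schema, attr = split_target(path)
        if schema is None:
            node, parts = user, attr.split(".")
            for part in parts[:-1]:  # walk complex attributes, e.g. name.givenName
                node = node.setdefault(part, {})
            node[parts[-1]] = value
        else:
            # Extension attributes live under a key named after the schema URN,
            # and that URN must also be listed in "schemas".
            if schema not in user["schemas"]:
                user["schemas"].append(schema)
            user.setdefault(schema, {})[attr] = value
    return user


# Constructed sample values, not real employee data.
SAMPLE_MAPPED = {
    "userName": "ada@example.com",
    "name.givenName": "Ada",
    "name.familyName": "Example",
    ENTERPRISE + ":Department": "Research",
    PEAKON + ":Job Title": "Engineer",
}

if __name__ == "__main__":
    print(json.dumps(build_user(SAMPLE_MAPPED), indent=2))
```

A target that is missing the attribute name after the final colon raises ValueError instead of silently creating a wrongly named attribute.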

Article: Set up single sign-on with Azure AD through the App Gallery
