Automatic employee provisioning with SCIM 2.0
With this integration you can automatically provision and deprovision employee accounts – keeping Peakon survey participation in sync with any system supporting the SCIM protocol, including Microsoft Azure Active Directory and more.
About SCIM 2.0
SCIM 2.0 is a specification of a REST-like protocol for one-directional provisioning of users over HTTP. Your existing identity management system can be configured to automatically synchronize changes made to its database to a third party application like Peakon.
In the SCIM protocol, the central identity management system is called the identity provider and the third party application is called a service provider. By configuring Peakon as a service provider with your existing identity management system, your organization will be able to take full advantage of automatic account provisioning.
Peakon supports the following set of operations in the SCIM 2.0 protocol:
- Creating users (email, first and last name)
- Updating users (email, first and last name)
- Deleting users
- Activating/deactivating users
- Bulk operations for users
Group-related operations are currently not supported.
IT administrators can configure this by first clicking the settings icon in the bottom left corner of the Peakon dashboard, choosing Integrations, and then selecting Employee Provisioning from the list of integrations. Click the yellow Enable button and you’ll be taken to the page you see in the screenshot below.
From this page use the SCIM URL and OAuth Bearer Token below to configure your SCIM 2.0 Identity Provider to automatically sync changes to Peakon.
For full documentation of our employee provisioning API, read our SCIM API integration guide.
On-premise vs. Azure Active Directory
User provisioning through SCIM 2.0 is only available through the hosted AD version called Azure Active Directory. If you are currently using an on-premise Active Directory solution it will need to first be configured to sync its data to Azure Active Directory using Azure AD Connect, as described in this article.
When configuring Azure AD for provisioning, it is important to only enable syncing of Users, but disable Groups. Peakon does not support SCIM groups at this time, so it will not reflect groups as defined in Azure AD.
If you have any questions during the setup process of either integration, let us know, and we’ll be happy to help.
- I am using Azure AD and users are not being created/updated as expected? Answer: Check that you have configured Azure AD to use the base SCIM URL without the /scim/v2 path at the end, as Azure appends this automatically.
Article: SCIM API Integration guide