1. Features

The following provisioning features are supported when using provisioning from Azure to Peakon:

  • Create Users: New or existing users in Azure will be pushed to Peakon as new employees.
  • Update User Attributes: Updates to user profiles in Azure will be pushed to Peakon.
  • Deactivate Users: Users deactivated in Azure will be automatically disabled in Peakon, and will not be included in any engagement surveys beyond the point of deactivation. If reactivated, users will again start receiving scheduled engagement surveys.

Once connected, Azure AD runs a synchronisation process every 40 minutes where it queries Peakon’s SCIM endpoint for assigned users and groups, and creates or modifies them according to the assignment details.

The following Azure AD attributes will be synchronised to Peakon:

  • Email
  • First name
  • Last name
  • Employee number
  • Manager

In addition, custom attributes can be added to Azure to sync information like department, manager, date of birth and more to Peakon. See the Mapping Attributes section of this article for more details.

2. Prerequisites

As an administrator of Peakon, you will need to enable the Employee Provisioning integration before enabling provisioning in Azure AD.

You can do this by following these steps:

  1. Log into your Peakon account at https://app.peakon.com.
  2. Click on Configure > Integrations in the bottom left menu.
  3. Select the Employee Provisioning integration from the list of integrations.
  4. Click the yellow Enable option and you will be taken to the page you see in the screenshot below.

Provisioning is now enabled for your company, and you can proceed to configure it within Azure. 

3. Configuration steps

You are now ready to configure Azure to provision users to Peakon:

1. Navigate to Peakon via the Enterprise Application menu.

2. Navigate to the Provisioning tab (Manage > Provisioning).

3. Select Automatic as the Provisioning Mode.

4. You will now need to add the SCIM URL from Peakon as the Tenant URL. This should be https://api.peakon.com/

5. Now, copy the OAuth Bearer Token from the Peakon settings page (in the Prerequisites step) and paste it as the Secret token. Click on Test Connection to validate the connection.

6. Optionally, add an email address to receive notifications if an error occurs.

4. Mapping Attributes

Under the Mappings section, select Synchronize Azure Active Directory Users to Peakon. This will open the Attribute Mappings configuration window. Make sure Create, Update and Delete are checked.

The default mapping will be shown. You can add additional mappings by clicking on Show Advanced Options > Edit attribute list.

5. Configure userName Matching

In order for Azure AD to discover users that already exist within Peakon, you need to configure the userName attribute to be the email of the Azure AD user, and have it be a “matching attribute”. This is because Peakon uses the email as the primary user identifier. By default, Azure AD will use the externalId to match existing users, and it is preconfigured with precedence of 1. We need to add a second option for matching by userName (i.e. the Peakon email).

To configure the userName attribute, click the attribute in the list in attribute mappings, then configure it with the following values:

  • Mapping type: Direct
  • Source attribute: mail
  • Target attribute: userName
  • Match objects using this attribute: Yes
  • Matching precedence: 2
  • Apply this mapping: Always

See the screenshot below for the correct configuration of the userName attribute.

6. Adding Custom Attributes

Adding attributes such as Employee Number, Manager and Department requires the use of the SCIM enterprise attribute extension.

As an example, Department would be:

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:Department

To add custom attributes that exist in Peakon, make sure you use the Peakon extension.

As an example, Job Title would be:

urn:ietf:params:scim:schemas:extension:peakon:2.0:User:Job Title

Once you have added the correct extension and attribute name, choose the Data Type (e.g. string, integer, boolean, datetime etc). 

You then need to map this to the matching field in Azure Active Directory. To add the mapping, click on Add Mapping.

The source attribute is from Azure and target is the attribute in Peakon. 

Once the attributes are mapped, scroll down and set the provisioning status to On. Click Save to complete configuration. 
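To check what a mapping set will actually send before switching provisioning on, the sketch below (an added example, not Peakon or Microsoft code) expands target attribute names like the ones above into a SCIM 2.0 User resource and builds the userName lookup filter used for matching. The function names, the sample user and the name.* mappings are assumptions made for illustration; only the mail to userName mapping and the two extension URNs come from this article.

```python
import json

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"

# Source (Azure AD) attribute -> target attribute as typed into the attribute list.
MAPPINGS = {
    "mail": "userName",
    "givenName": "name.givenName",   # assumed mapping, for illustration
    "surname": "name.familyName",    # assumed mapping, for illustration
    "department": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:Department",
    "jobTitle": "urn:ietf:params:scim:schemas:extension:peakon:2.0:User:Job Title",
}

# Constructed sample directory record.
SAMPLE_USER = {"mail": "ada@example.com", "givenName": "Ada", "surname": "Lovelace",
               "department": "Engineering", "jobTitle": "Analyst", "mobile": None}

def split_target(target):
    """Split a target name into (schema URN, attribute path)."""
    if target.startswith("urn:"):
        schema, _, attr = target.rpartition(":")  # the last ':' ends the schema URN
        return schema, attr
    return CORE_USER, target

def build_scim_user(source, mappings=MAPPINGS):
    """Build the SCIM User body; extension attributes nest under their schema URN."""
    resource = {"schemas": [CORE_USER]}
    for src, target in mappings.items():
        if source.get(src) is None:
            continue  # empty source attributes are left out of the payload
        schema, attr = split_target(target)
        node = resource
        if schema != CORE_USER:
            if schema not in resource["schemas"]:
                resource["schemas"].append(schema)
            node = resource.setdefault(schema, {})
        *parents, leaf = attr.split(".")
        for parent in parents:  # dotted paths such as name.givenName become nested objects
            node = node.setdefault(parent, {})
        node[leaf] = source[src]
    return resource

def match_filter(source):
    """SCIM filter that looks up an existing user by userName (the email)."""
    return "userName eq " + json.dumps(source["mail"])  # json.dumps quotes and escapes

if __name__ == "__main__":
    print(match_filter(SAMPLE_USER))
    print(json.dumps(build_scim_user(SAMPLE_USER), indent=2))
```

Any attribute that appears in the printed resource leaves the tenant on every sync, so the output doubles as a review list for the data being shared with Peakon.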

Article: Set up single sign-on with Azure AD through the App Gallery
