Integration for SCIM User Provisioning
Note
This option pertains to the Hyperproof TPRM product line.
The SCIM integration streamlines user and group provisioning by automatically synchronizing with Azure or Okta. Key features include:
Managing SCIM secrets with the ability to add and delete them.
Setting default roles for provisioned users.
Note
Use the Disable button at the top of the window to deactivate the integration when needed.
When you select SCIM User Provisioning from the Settings > Integrations page, Hyperproof TPRM displays the following options in the left menu:
General - SCIM configuration for Hyperproof TPRM.
SCIM Guide - Step-by-step configuration guides for Azure and Okta.
General SCIM configuration for Hyperproof TPRM
Complete the following to set up your SCIM configuration in Hyperproof TPRM.
Production Mode - Toggles Production Mode on and off.
SCIM Endpoint - Automatically generated upon enabling SCIM integration. Click the Copy icon to copy the contents of this field.
Default User Role - Sets the default role for provisioned users. Options include: Admin, Manager, User.
Secrets table - Allows you to see and manage SCIM secrets.
Columns include:
Secret - Displays the secret. Click the Copy icon to copy the contents of this field.
Created Date - Date the secret was created.
Action - Contains the delete icon to remove secrets.
+ Add Secret - Allows users to generate new secrets.
Azure SCIM configuration for Hyperproof TPRM
Create an Azure App
Skip this step if a SAML app already exists.
Open the Azure Portal.
Click All Services and search for Microsoft Entra ID.
From the left menu, select Enterprise Applications.
Choose Create Your Own Application and do the following:
Enter the name - Expent-SCIM.
Select Integrate any other application you don't find in the gallery (Non-gallery).
Click Create.
Configure SCIM Integration
From the left menu, select Provisioning.
Click Get Started.
Set Provisioning Mode to Automatic.
Under Admin Credentials, complete the following fields:
Tenant URL - https://api.expent.ai/user/scim-provisioning/bdd060bf-87bd-433d-a41b-5720deb72931
Secret Token - Copy the secret displayed on the SCIM User Provisioning window on the General tab in Hyperproof TPRM and paste it here.
Click Test Connection.
Set Provisioning Status to On.
Click Save.
Assign Users and Groups
Navigate to the Microsoft Entra ID page.
Select Enterprise Applications.
Select the Expent-SCIM application.
Navigate to Users and Groups.
Use the Add User/Group button to assign individual users or groups to the application.
Okta SCIM configuration for Hyperproof TPRM
Create a SAML App in Okta
Skip this step if you already have a SAML App for Hyperproof TPRM.
Open the Okta Admin console.
From the left menu, select Applications > Applications.
Click Create App Integration.
In the pop-up window, set the Sign-on Method to SAML 2.0.
Click Next.
Configure SCIM integration
Log in to your Okta admin console.
From the left menu, select Applications > Applications.
Select the SAML app you created for Hyperproof TPRM.
Navigate to the General tab in the SAML App.
Click Edit for App Settings.
Select the checkbox for Enable SCIM provisioning and click Save.
Navigate to the Provisioning tab.
Edit SCIM Connection.
In SCIM Connector Base URL, enter:
https://api.expent.ai/user/scim-provisioning/53f50e0d-8140-4e43-9a47-875990fe1351
In Unique Identifier field for users, enter:
email
Select the following checkboxes for Supported provisioning actions:
Import New Users and Profile Updates
Push New Users
Push Profile Updates
Under Authentication Mode select HTTP Header.
In the Authorization field, paste the secret displayed on the SCIM User Provisioning window on the General tab in Hyperproof TPRM.
Click Test Connector Configuration.
When the Connector Configuration test is successful, click Save.
Navigate to Provisioning > To App.
Click Edit.
Select the checkbox for Create Users.
Click Save for Provisioning to App.
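A pre-flight check for the two values pasted into Azure or Okta in the steps above, as an added example that is not Hyperproof's own code: it validates the copied SCIM endpoint, builds (without sending) a standard SCIM 2.0 user lookup, and produces a log-safe fingerprint of the secret. The function names, the bearer-token header format, and the fixed host and path pattern (inferred from the URLs shown in this guide) are assumptions.

```python
import hashlib
import re
import urllib.parse
import urllib.request

# Assumption: every endpoint follows the host/path layout of the URLs shown in this guide.
_ENDPOINT_RE = re.compile(
    r"https://api\.expent\.ai/user/scim-provisioning/"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)

# Constructed placeholder endpoint for local testing, not a real tenant.
SAMPLE_ENDPOINT = ("https://api.expent.ai/user/scim-provisioning/"
                   "00000000-0000-4000-8000-000000000000")


def check_endpoint(url: str) -> str:
    """Return the endpoint unchanged if well formed, else raise ValueError.

    Catches copy/paste damage such as trailing text, whitespace or http://.
    """
    if not _ENDPOINT_RE.fullmatch(url):
        raise ValueError("expected https://api.expent.ai/user/scim-provisioning/<uuid>")
    return url


def fingerprint(secret: str) -> str:
    """Short SHA-256 fingerprint, safe to put in tickets or logs instead of the secret."""
    return "sha256:" + hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


def build_probe(endpoint: str, secret: str, email: str) -> urllib.request.Request:
    """Build, but do not send, GET <endpoint>/Users?filter=userName eq "<email>"."""
    if not secret or any(ch.isspace() for ch in secret):
        raise ValueError("secret is empty or contains whitespace")
    if '"' in email or "\\" in email:
        raise ValueError("email would break out of the SCIM filter string")
    query = urllib.parse.urlencode(
        {"filter": f'userName eq "{email}"'}, quote_via=urllib.parse.quote
    )
    req = urllib.request.Request(f"{check_endpoint(endpoint)}/Users?{query}", method="GET")
    # Assumption: the secret is presented as a bearer token.
    req.add_header("Authorization", f"Bearer {secret}")
    req.add_header("Accept", "application/scim+json")
    return req
```

Passing the returned request to `urllib.request.urlopen` sends the lookup; an HTTP 401 response at that point suggests the secret was deleted or mis-copied.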