Klaxoon

The <a href="https://help.klaxoon.com/en/articles/217989-scim-user-management">SCIM</a> (System for Cross-domain Identity Management) protocol automates user management, reducing manual tasks and errors. It also facilitates real-time access synchronization, improving the security and efficiency of identity processes.

Discover the different steps involved in setting it up with Azure AD/ Entra ID.

<a href="#h_70b282d10a">1. Add Klaxoon to Microsoft Entra ID</a>

<a href="#h_347893ccd1">2. Configure provisioning</a>

<a href="#h_03c9c6b0f3">3. How it works</a>

- Private SSO required
- Team Monoconsole
- AzureAD or Okta or via an available API, <a href="https://developers.klaxoon.com/docs/introduction-to-klaxoon-scim" rel="nofollow noopener noreferrer" target="_blank">full details HERE</a>
- A configuration session will be scheduled with Klaxoon technical teams

Log in to the <a href="https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fportal.azure.com%2Fsignin%2Findex%2F&amp;response_type=code%20id_token&amp;scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&amp;state=OpenIdConnect.AuthenticationProperties%3DPUJMzixUf8wKgeblQTVhWGNmmdpZpCN7uix8JJMGXDQLjtootAkF-zbV4IckPY6L-EhdM1LB9iV1wjGN-5Yxugmo5KqfR-uOWBRdI8O4VVlP2k0twfbwpswYILginNmB_1bkQC4ecYPQzdyXA4rF6AKeeK4GERIrKBLcoRKNsVTyMCQ4HcrUDk3nXXkEgi9TtMmB7PdxD8_jQDmFvw4-Wfb4Whlbf409wwn8BlkiSQ0jJI8XhHjt6N9kxdxzEoIlGUwQQm7xShlWlyAmZ75NkUxShQP3ubADCT0V1ZmCfxzsWUV5z6o7H4h_MZgT7W4WiNUjYXeZscH12Y9v5vdvoGQ-Yf67FTIT5jKAY5ng3yPACpm3kI98cqmpXo2GBVLOpolGg5aX4dy5ZLmVN3EZM_v_vKuEycTWvcXDGjdGKueZgXqAkgdcQeDUc8F5oAWChUum7EXrRAl8O3d7J3XS-RQGOtOn2IV0-bjprj28VQ7_DfTpSlpKMhzQwgA6ZpCVUhc31V-fIuz7907jC9Ga9U9On66PDGl3wDUFiVFVhvYkLDPt0YygX7PJCNNski4O&amp;response_mode=form_post&amp;nonce=638773849460357661.OTIwMzgwNTktOTNkNC00NzExLWE5NzctZjAyMTI0MTI1YjNlYmE0NDMxNzMtYzliMi00ODJhLTk1ZmUtNmE5MDkwMmM5YThl&amp;client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&amp;site_id=501430&amp;client-request-id=f39e2ae3-95cf-4152-9c6a-8b8a31bc8cc1&amp;x-client-SKU=ID_NET472&amp;x-client-ver=8.3.0.0" rel="nofollow noopener noreferrer" target="_blank">Microsoft Azure</a> portal with an administrator account.

Go to Identity&gt;Applications&gt;Enterprise applications&gt;New application

In the search bar, enter “Klaxoon” and choose Klaxoon SAML

Rename the application to Klaxoon SCIM (or any other name of your choice), then click on Create to create the application.

1. Log in to the <a href="https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fportal.azure.com%2Fsignin%2Findex%2F&amp;response_type=code%20id_token&amp;scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&amp;state=OpenIdConnect.AuthenticationProperties%3DPUJMzixUf8wKgeblQTVhWGNmmdpZpCN7uix8JJMGXDQLjtootAkF-zbV4IckPY6L-EhdM1LB9iV1wjGN-5Yxugmo5KqfR-uOWBRdI8O4VVlP2k0twfbwpswYILginNmB_1bkQC4ecYPQzdyXA4rF6AKeeK4GERIrKBLcoRKNsVTyMCQ4HcrUDk3nXXkEgi9TtMmB7PdxD8_jQDmFvw4-Wfb4Whlbf409wwn8BlkiSQ0jJI8XhHjt6N9kxdxzEoIlGUwQQm7xShlWlyAmZ75NkUxShQP3ubADCT0V1ZmCfxzsWUV5z6o7H4h_MZgT7W4WiNUjYXeZscH12Y9v5vdvoGQ-Yf67FTIT5jKAY5ng3yPACpm3kI98cqmpXo2GBVLOpolGg5aX4dy5ZLmVN3EZM_v_vKuEycTWvcXDGjdGKueZgXqAkgdcQeDUc8F5oAWChUum7EXrRAl8O3d7J3XS-RQGOtOn2IV0-bjprj28VQ7_DfTpSlpKMhzQwgA6ZpCVUhc31V-fIuz7907jC9Ga9U9On66PDGl3wDUFiVFVhvYkLDPt0YygX7PJCNNski4O&amp;response_mode=form_post&amp;nonce=638773849460357661.OTIwMzgwNTktOTNkNC00NzExLWE5NzctZjAyMTI0MTI1YjNlYmE0NDMxNzMtYzliMi00ODJhLTk1ZmUtNmE5MDkwMmM5YThl&amp;client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&amp;site_id=501430&amp;client-request-id=f39e2ae3-95cf-4152-9c6a-8b8a31bc8cc1&amp;x-client-SKU=ID_NET472&amp;x-client-ver=8.3.0.0" rel="nofollow noopener noreferrer" target="_blank">Microsoft Azure</a> portal with an administrator account.
2. Go to Identity&gt;Applications&gt;Enterprise applications&gt;New application
    
   
    
3. Click on “New application”.
    
   
    
4. In the search bar, enter “Klaxoon” and choose Klaxoon SAML
    
   
    
    
5. Rename the application to Klaxoon SCIM (or any other name of your choice), then click on Create to create the application.
    

A configuration session should be scheduled with Klaxoon's technical teams. Synchronization tests will then be carried out (in both pre-production and production phases). Once these tests have been completed, the SCIM protocol will be operational.

Enter the tenant URL and secret token supplied by Klaxoon

Perform a connection test and click on “Save” in the top left-hand corner.

Click on “Provision Microsoft Entra ID Groups” to associate the license field.

Edit the attribute and select “Expression” in “Mapping type”.

Depending on the group's Object ID, I enter the value TRUE or FALSE in the license field:

if the value is FALSE, it's an account without a license

if the value is TRUE, it's a licensed account

- if the value is FALSE, it's an account without a license
- if the value is TRUE, it's a licensed account

a specific group for users with a Pro license only

- a group for Free users (all users)
- a specific group for users with a Pro license only

Retrieve the Object ID of these groups and build the expression on this model:

<i> ​Switch([objectId], "false", "Object_ID_groupe_des_PROs", "true", "Object_ID_groupe_des_FREEs", "false")</i>

<i>urn:ietf:params:scim:schemas:extension:klaxoon:2.0:Group:license</i>

Then save by clicking on “Save” in the top left-hand corner.

From the overview, go to “Users and groups”.

Choose the Free and Pro user groups, then assign them.

Account provisioning will take a variable amount of time, depending on the number and velocity of Entre IDs.

SCIM protocol configuration with Azure AD/ Entra ID

1. Add Klaxoon to Microsoft Entra ID

Configuration

1. Add Klaxoon to Microsoft Entra ID

2. Configure provisioning

3. How it works