Connecting the Dynamic Signal platform to Azure Active Directory is a simple way to enable automatic user provisioning in your Dynamic Signal Community. This integration supports the following:
- SAML-based Single Sign On (SSO) to log on to Dynamic Signal applications
- SCIM-compliant REST-APIs to automatically create, update, and suspend members in the Dynamic Signal platform
- Custom Schema extensions
To connect Dynamic Signal to Azure Active Directory to enable automatic user provisioning, complete the following process:
- Configure SCIM User Provisioning
- Configure SCIM Application in Azure Active Directory
- Configure SSO in Azure Active Directory
- SSO Integration Test
Before starting your SSO configurations, please contact your Customer Success Manager (CSM) to enable SSO for your Community. If you plan to enable user provisioning from Azure Active Directory, refer to the following requirements:
- Enable Divisions – While not required, in order to take full advantage of SCIM provisioning, you should enable Divisions for your Community before connecting to Azure Active Directory. To enable Divisions, ask your CSM or see Enable Divisions on the Dynamic Signal Support Site.
- Enable Targets – While not required, in order to take full advantage of SCIM provisioning, you should enable Targets for your Community before connecting to Azure Active Directory. To turn on Targets, follow the instructions in our Content Targeting article.
- Access to API Page – To access the API page, go to Admin > Advanced > API. If you do not have access to your Community’s API page in the Dynamic Signal app, please ask your CSM to provide you with permissions.
Configure SCIM User Provisioning
You can configure SCIM user provisioning, and generate an API Token and SCIM URL, by completing the following steps:
- In the Dynamic Signal Communicator webpage (communityname.voicestorm.com/manage), go to Admin > Advanced > API to generate a new bearer token to be used in the integration with Azure Active Directory.
- In the Tokens section, click Generate New Token and enter a name for the token. Click Generate New Token again to complete the process.
This procedure creates a base64 encoded bearer token which is required to set up your SCIM application in Azure Active Directory.
Under the URLs section of the API page in Dynamic Signal, you will find the SCIM API URL which is also required later when you set up your SCIM application in Azure Active Directory.
By default, the ScimDivisionType enabled will be Group, allowing you to manage divisions through SCIM’s group endpoint. If you would like to manage your community another way, click Edit in the Division Type region and select the UserExtensionString. This will allow you to manage Divisions through SCIM’s users’ endpoint. This will also update the Division Management URL and the sample JSON.
Note: At this time Azure Active Directory SCIM does not support using the UserExtensionArray as a Division Type.
To configure your SCIM application in Azure Active Directory, see Configure SCIM Application in Azure Active Directory.