Topics included in this article:
Prerequisites
The SSO setup must be completed before this SCIM setup. Reference the Setting Up SSO with Microsoft Entra ID article for more details.
Note: If this is your first encounter with SCIM provisioning, check out our article on SCIM Setup for SSO.
Setup
The following setup sections must be completed in order. Third-party platform UI is subject to change.
SCIM Setup
| 1. Ensure all Roles that will be used have already been created in the Rhombus Console. For more information, please review the Role Creation and Management article. You will need to manually add these created roles to the Entra platform. |
| 2. In the Entra portal, click into the Rhombus Systems Enterprise Application. Select "Provisioning." Under "Provisioning Mode," select "Automatic." |
|
3. Navigate to the Rhombus Console, select "Settings," click in "Single Sign-On," and select the SCIM drop down to get the following information:
|
|
|
| 4. In the Rhombus Console, "Send welcome email when adding new users" is toggled on. |
|
|
|
5. In Entra, under the Tenant URL and Secret Token boxes, click "Test Connection" to ensure the connection between Rhombus and Entra doesn't have any errors. Select "Save" on the top of the provisioning page in Entra.
|
Map "Roles" Attribute
| 1. Select "Provisioning" → "Edit attribute mappings" |
|
|
| 2. Click the "Mappings" dropdown and select "Provision Azure Active Directory Users." |
|
|
| 3. Click the "Show Advanced Options" checkbox and select "Edit attribute list for Rhombus Systems." |
|
|
| 4. Add a new row for "roles" and click the "Multi-Value" checkbox. This is case-sensitive; ensure it's all lowercase. Ensure everything else is matched according to the screenshot. Click "Save." |
|
|
| 5. Go back to the previous "Attribute Mapping" page. Select "Add new mapping." |
|
|
|
6. Complete the following fields:
Click "Ok" when finished. The "roles" attribute will now be linked. |
|
|
|
7. Ensure "Attribute Mapping" is toggled to "Yes." Click "Save." |
|
|
Create Users and Groups
| 1. Navigate to the Rhombus Systems app, select either "All Users" or "All Groups" depending on what you want to add. The same process will be used for both. |
|
|
| 2. Select "New Group" or "New User" depending on what you are adding. |
|
|
| 3. Fill in the prompted fields and then click "Create." |
|
|
|
4. Repeat steps 1-3 until all necessary Users and Groups have been created. When creating groups, you can assign users under the "Members" section.
|
Assign and Provision Users and Groups
| 1. From the homepage of Microsoft Entra navigate to the "Applications" dropdown and select "App registrations." Select "All applications" and click "Rhombus Systems." |
|
|
|
2. Click "App roles," select "Create app role" and fill in the prompts. These are case sensitive and must match with the roles created in the Rhombus Console. If there is a space used in a role in the Rhombus Console, represent this with an underscore in the Entra role creation. Click "Apply." ex.) A Rhombus role called "Night Shift" will be represented in Entra as "Night_Shift." |
|
Figure 1.) Steps to get to the "Create app role" page.
Figure 2.) Specific example with the corresponding Rhombus role being Property Managers.
|
| 3. Navigate back to the "All groups" page to link the created role with the necessary group. Click the group you want to assign a role to and click "Roles and administrators." |
| 4. Click "Add/Edit." Assign the corresponding Rhombus role to the group. Ensure all changes are saved. For specific Microsoft Entra instructions, please review the Entra knowledge article. |
| 5. Navigate back to the Rhombus Enterprise Application and click "Provisioning." |
|
6. Click "Start Provisioning" to enable SCIM to update as changes are made. Click "Yes." Once complete you will get a configuration status of "Enabled." |
|
Figure 1.) Start Provisioning.
Figure 2.) Provisioning Enabled.
|
|
6a. Later, if you require more immediate changes to a specific user or group, you can utilize "Provision on Demand" at any time to complete this. Under the Rhombus Enterprise Application click "Provisioning," then select "Provision on demand." Type the name of the new user or group. When provisioning a group, as in this example, add members. You must select all the users in the group to provision everything successfully. Note: Groups may not be available for assignment due to the Active Directory plan level you have. Click "Provision" to complete the SCIM provisioning. |
|
|
Create a Custom SCIM Field
A custom field in Entra is referred to as a "target attribute."
Rhombus Console Setup
| 1. Navigate to "Settings," "Access Control Credentials," and then select "Badge Printing." |
| 2. In the "Custom Fields" section, select "Add Field." |
|
3. Enter in the "Field name" and the "SCIM field name" and click "Save." Using a period is required when separating text for the SCIM field. The following formats are supported in the SCIM field name:
|
|
|
Entra Setup
| 1. From the homepage of Microsoft Entra navigate to the "Applications" dropdown and select "App registrations." Select "All applications" and click "Rhombus Systems." |
|
|
| 2. Under Overview, select "Provisioning" → "Edit attribute mappings." |
|
|
| 3. Click the "Mappings" dropdown and then select "Provision Azure Active Directory Users." |
|
|
| 4. Click the "Show Advanced Options" checkbox and select "Edit attribute list for Rhombus Systems." |
|
|
|
5. Scroll down and enter a new field following the format below: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:<scimFieldName> Where <scimFieldName> matches exactly what's been defined in the Rhombus console. Click "Save." |
| 6. Go back to the previous "Attribute Mapping" page. Select "Add new mapping." |
|
|
| 7. Under "Target Attribute" select the attribute that was just created. |
|
|
|
8. Set the "Source attribute" to the existing Azure field you want synced over. A source attribute can be any field defined by Entra, like jobTitle, city, etc. Click "Okay" to return to the previous page. This target attribute will now be in the list, and click "Save." |
|
|
| 9. Navigate to "Users" and select a specific user. Click "Properties" and select edit for the property you selected as the source attribute in Step 8. In this example, "Job title" was used as the source attribute. Fill in the field for the user is and click "Save." This completes the Entra setup. |
|
|
| Optional: For testing, navigate to "Provision on demand." Select the user and click "Provision" to ensure everything propagates correctly. This is not required, as Entra will automatically provision in set intervals. |
|
|
| Verification: Back in the Rhombus Console, click into "User Management," select the user, and navigate to the "Access Control" tab. The field you created should now be updated with the information from Entra, once Entra has synced. |
|
|
Helpful Links
- SCIM Setup for SSO
- Setting up SSO with Microsoft Entra ID
- Role Creation and Management
- Manage Users
- Entra Knowledge Article
Contact Support or Sales
Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.
Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.
Comments
0 comments
Please sign in to leave a comment.