It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda SecureEdge
Overview Documentation Training Certification Materials

How to Configure the Inbound SCIM User Directory for Microsoft Entra ID

  • Last updated on

The Barracuda SecureEdge Manager allows administrators to configure the System for Cross-domain Identity Management (SCIM) user directory for your selected workspace. SCIM can be used to automate the flow of identity information between an identity provider and cloud-based services. In order to configure Microsoft Entra ID for the SCIM directory, you must first create the SCIM User Directory. The SecureEdge Identity Management will make a request to the SCIM service internal endpoint to generate tokens and the SCIM external URL to the user. The user need to copy these values and use them in the provider SCIM setup.

Currently, we support inbound SCIM support for Microsoft Entra ID and Okta Workforce.

Step 1 Configure SCIM

The configuration steps required depend on the user directory you use. To add a SCIM user directory:

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to configure the Microsoft Entra ID user directory for.

  3. In the left menu, click Identity > Settings.

    goto-id-settings.png

  4. The Settings page opens.

  5. In the User Directories section, click Add User Directory and select SCIM from the user directory drop-down menu.

    add-ud.png

  6. The Add User Directory page opens.

  7. Under User Directory Info tab, specify the values for the following:

    • Display Name – Enter display name.

      first-scim.png

  8. Click Add.

  9. You can see the SCIM user directory endpoint and Primary / Secondary tokens are displayed. You can use these values in the provider SCIM setup.

    scim-tokens.png

  10. Click on the clipboard icon to copy and paste the token to a text file. Note: You can regenerate these tokens by clicking on the rotate icon.

  11. Click Finish.

  12. In the User Directories table, a new SCIM user directory has been added. Under the fieldname STATUS, you can see that the STATUS is shown as pending. The directory sync may take a few minutes.

    scim-pending-status.png

  13. To configure Microsoft Entra ID for the SCIM User Directory, go to Step 2.

  14. After the directory sync is completed, verify that in the User Directories table, under the fieldname STATUS, the text has changed to Completed with a green check mark.

    firstscim-status.png

In addition, information under the fieldname LAST SYNC displays the time the last sync occurred. The fieldname SYNC RESULT displays the number of users or groups already synced. Verify that you see all SCIM directory users and groups on the respective Identity > Users and Identity > Groups pages.

Edit SCIM

To edit the SCIM user directory:

  1. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to edit the Barracuda Cloud Control user directory for.

  2. Go to Identity > Settings.

  3. The Settings page opens. In the User Directories section, you can see that Microsoft Entra ID is displayed as your user directory.

  4. To edit your SCIM account, click on the pencil icon.

    scim-change.png

  5. The Edit User Directory page opens. Edit the value you are interested in. Note: Only display names of SCIM user directory are editable.

    edit-scim.png

  6. Click Save.

You can regenerate the primary and secondary tokens for an existing SCIM user directory via the Edit SCIM option.

Remove SCIM

To remove the SCIM directory associated with the selected workspace:

  1. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to remove the SCIM user directory for.

  2. Go to Identity > Settings. The Settings page opens.

  3. In the User Directories section, you can see your SCIM user directory is displayed.

  4. To remove an existing SCIM user directory, click on the trash can icon.

    scim-rm.png

  5. The Delete User Directory <Name of Your SCIM User Directory> page opens.

    del-scim.png

  6. Click Ok to confirm.

(Optional) Set Up SCIM

  1. On the Settings page in the User Directories section, click the icon of three vertical dots.

    scim-06.png

  2. Click Setup SCIM.

  3. The Setup SCIM page open.

    scim-03.png

    You can use the SCIM Endpoint, Primary / Secondary Tokens to update an existing SCIM configuration.

Using the Setup SCIM, you can regenerate the associated primary and secondary tokens for an existing SCIM user directory.

Step 2 Create Enterprise Application in Microsoft Entra ID without Using Provision on Demand

  1. Log into your Azure Management Portal (https://portal.azure.com).

  2. Search for Enterprise applications.

    enterprise-app.png

  3. Click New application.

    new-appl.png

  4. On the Browse Microsoft Entra Gallery page, click Create your own application.

    create-ent-app.png

  5. The Create your own application window opens. Specify values for the following:

    • Enter the name of your application

    • Ensure that the Integrate any other application you don't find in the gallery (Non Gallery) is selected.

  6. The <Name of your application> Overview page opens. Click Provisioning.

  7. In the Provisioning page, click Get Started and specify the values for the following:

    • Provisioning Mode – Select Automatic.

    • In the Admin Credentials section, specify values for the following:

      • Tenant URL – Enter the SCIM Endpoint you retrieved in Step 1.

      • Secret Token – Enter the token. You can enter either the Primary or Secondary token you retrieved in Step 1.

        provisioning.png

  8. To check the connection, click Test Connection.

  9. Click Save.

  10. Go to the <Name of your application> Overview page. You can see no users are added to your application. On the top of the Overview page, click Start Provisioning.

  11. In the left menu of the Overview page, select Users and groups and click + Add user/group.

    user-group.png

  12. The Add Assignment page opens. Click Users.

    add-assignment.png

  13. On the right side of the Add Assignment page, the Users window opens. To add users, click Select.

  14. In the Users and groups section, you can see the users that have been added.

    add-user-groups.png

  15. On the Overview page, you can verify that the Current cycle status has no provisioning on demand.

    overview-prov-logs.png

  • Verify the status of the SCIM user directory in SecureEdge.

In the User Directories table, you can see that the STATUS of the SCIM user directory , e.g., SCIM for group No on demand provisioning, is shown as pending before synchronization.

scim-before-sync.png

After the sync is completed, you can see the SCIM user directory has been updated in SecureEdge. Under the fieldname STATUS, the text has changed to Completed with a green check mark, and the fieldname SYNC RESULT column shows the total number of users and groups synced.

scim-user-groups.png

(Optional) Create Enterprise Application in Microsoft Entra ID with Provision on Demand

If you must sync users/groups instantly, proceed with the following steps:

  1. Go to the <Name of your application> Overview page.

  2. In the left menu, click Provision on demand and select a user or group.

    prov-on-demand.png

You can see that a new user or group has been added to your application and automatically updated and synchronised in SecureEdge. You can verify this under the fieldname SYNC RESULT, which shows the total users and groups to be the same as the source directory.

scim-status.png