Configure Single Sign-On between Entra ID and BizLibrary
If you have already configured SSO, you can move to the next section. Otherwise, please follow the instruction in this link: User Authentication in Microsoft Azure – BizLibrary
Obtain Billing ID and API Key from BizLibrary
Contact your BizLibrary Client Success Manager and obtain Billing ID and API Key that are required for setting up user/group provisioning from Entra ID. You will need to provide your primary Entra domain and request an OAUTH based API key.
Create a New Provisioning in Entra ID
- Go to the Entra ID console > Enterprise apps
- Select the application that has been configured SSO with BizLibrary.
- Under Manage section, click Provisioning.
- Again, under Manage section, click Provisioning.
- Under Provisioning Mode, select Automatic
- Under Authentication Method, select Bearer Authentication.
- Under Tenant URL, type the following by replacing <billing_id> with your Billing ID. https://scim-api.bizlibrary.com/prod/<billing_id>/scim/v2/oauth
- Under Secret Token, type the API Key that you have obtained from BizLibrary.
- Click Test Connect and see if it succeeds. Otherwise, please contact BizLibrary for troubleshooting.
- Click Save.
- At the top of the page, you see something like Home > Enterprise applications | All applications > your application. Here, you click your application name which brings you back to the top page of your application.
- Click Attribute mapping > Provision Microsoft Entra ID Users
- Make sure Enabled is set to Yes
- Under Target Object Actions, make sure Create, Update, and Dalete are checked.
- If any settings on this page are modified, click Save.
Update Custom Attribute List
Now, we are going to prepare custom user attributes to synchronize with BizLibrary LMS.
- Under your application > Provisioning > Attribute Mapping > Provision Microsoft Entra ID Users, scroll the page to the bottom.
- Click on the checkbox next to “Show advanced options”
- Click Edit attribute list for customappsso
-
Now, you are on Edit Attribute List page that looks like this.
- Add any custom attributes (customappsso User Attribute) that you want to synchronize with BizLibrary from the table below. The required attributes must be included. Beyond those, you may select any additional attributes you wish to sync. Note: All attributes are of type String, unless stated otherwise.
| Item | customappsso User Attribute | Required |
| ID | Id | Yes |
| Active status | active Type=Boolean |
Yes |
| Title | title | Yes |
| emails[type eq "work"].value | Yes | |
| User Name | userName | Yes |
| First Name | name.givenName | Yes |
| Last Name | name.familyName | Yes |
| Street Address | addresses[type eq "work"].streetAddress | |
| City | addresses[type eq "work"].locality | |
| State | addresses[type eq "work"].region | |
| Zip Code | addresses[type eq "work"].postalCode | |
| Country | addresses[type eq "work"].country | |
| Work Phone | phoneNumbers[type eq "work"].value | |
| Employee ID | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber | |
| Cost Center | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter | |
| Company Name | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization | |
| Department | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | |
| Manager ID | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager Type=Reference |
|
| Hire Date | urn:ietf:params:scim:schemas:extension:bizlibrary:2.0:User:hireDate |
- Mark the following attributes as required:
- Id
- Active
- emails[type eq "work"].value
- username
- name.givenName
- name.familyName
- Once you are done with updating the custom attribute list, click Save.
Create Attribute Mappings
- On the Entra console, go to your application > Provisioning > Attribute mapping > Provision Microsoft Entra ID Users.
-
Go down the page and find the Attribute Mapping section which looks like below.
- Edit the required attributes as follows if you see any discrepancies.
| customappsso Attribute | Microsoft Entra ID Attribute |
| userName | userPrincipalName |
| active | Switch([IsSoftDeleted], , "False", "True", "True", "False") |
| emails[type eq "work"].value | |
| name.givenName | givenName |
| name.familyName | surname |
- The following table lists optional attributes supported in BizLibrary. You may choose to include any of these attributes for synchronization with the BizLibrary LMS. To add an attribute,
- Click Add New Mapping
- Set Mapping Type=Direct, Source attribute=<any of Microsoft Entra ID Attribute>, Target attribute=<corresponding customappsso Attribute>,
- Click OK.
| customappsso Attribute | Microsoft Entra ID Attribute |
| title | jobTitle |
| addresses[type eq "work"].streetAddress | streetAddress |
| addresses[type eq "work"].locality | city |
| addresses[type eq "work"].region | state |
| addresses[type eq "work"].postalCode | postalCode |
| addresses[type eq "work"].country | country |
| phoneNumbers[type eq "work"].value | telephoneNumber |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber | employeeId |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | department |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager | manager |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization | companyName |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter | employeeOrgData.costCenter |
| urn:ietf:params:scim:schemas:extension:bizlibrary:2.0:User:hireDate | employeeHireDate |
Test User Provisioning
You can skip this section if you use only the group provisioning.
- On the Entra console, go to your application > Users and Groups.
- Make sure you have at least one user listed for testing. Otherwise, click +Add user/group > click None Selected > Select one user> click Assign.
- From your application’s top page, click Provision on demand.
- Next to Select a user or group, search a user by name and click Provision, and see if it succeeds. Otherwise, contact BizLibrary for troubleshooting.
Test Group Provisioning
If you don’t use Group Provisioning, skip this section.
- On the Entra console, go to your application > Users and Groups.
- Make sure you have at least one group listed for testing. Otherwise, click +Add user/group > click None Selected > Select one or more groups > click Assign.
- From your application’s top page, click Provision on demand.
- Next to Select a user or group, search a group by name and click Provision, and see if the group provisioning succeeds. Otherwise, contact BizLibrary for troubleshooting.
Enable Automated Provisioning
- On the Entra console, go to your application > Provisioning > Provisioning
- Under Provisioning Status, click On and click Save.
- Click Overview.
- Check Start provisioning.
- Click Provisioning logs and see the group and users are provisioned. Otherwise, contact BizLibrary for troubleshooting.
- Click Overview to check the provisioning interval (e.g. 40 minutes).
Help
If the expected updates do not appear during the provisioning interval, please reach out to your internal IT department or BizLibrary Support at support@bizlibrary.com or 888-315-8707.