Azure SCIM Attributes

5min
This page is specific to role attribute mapping in Azure directory sync and SCIM provisioning.
It assumes that the SAML/SCIM app was already added and configured following the steps within your organization on Rollstack.
First, you need to add a new app role
1
Open your Rollstack SAML app
2
Click on Users and Groups in the right sidebar
3
Click on the application registration
﻿
﻿
Now, you should be on the dedicated App Roles page
1
Click on Create app role
2
Set a display name
For the sake of the example rollstack_admins, but you can chose any name
3
Set a value admin
The value is not important either
﻿
Once the app role is created, we will map the user attribute
1
Click on the Provisioning sidebar option
2
Under the section Mappings, you can click on Provision Microsoft Entra ID Users
﻿
Now you can define a new attribute mapping
1
At the bottom of the page, click on Add new mapping
2
Select Expression
3
Set the following expression
If you chose a different name than rollstack_admins for the role, please update it in the expression below.
Bash
IIF(SingleAppRoleAssignment([appRoleAssignments])="rollstack_admins", "admin", "member")
IIF(SingleAppRoleAssignment([appRoleAssignments])="rollstack_admins", "admin", "member")
﻿
4
Set userType as a target
﻿
﻿
Now you can assign this new role to Users or Groups.
1
Click on the section Users and Groups
2
Assign the new role
You can edit either an assignment using Edit assignment
Or you can add a new user or group with the role using Add user/group
﻿
﻿
﻿
Updated 08 Nov 2024
Did this page help you?
Authentication
Network Whitelisting