Linking Tribe CRM with Azure AD using SCIM allows you to manage users centrally from Azure AD. It is useful when you want to automate creating, updating, blocking, and removing users without manual work in Tribe. You might use this setup when Azure AD is your primary identity management system. By following this guide, you will know how to activate the link and configure both Tribe CRM and Azure AD correctly.
Table of Contents
What Does The Link With Azure AD Do?
How Do You Activate The Link In Tribe CRM?
How Do You Configure Azure AD For SCIM Provisioning?
How Are Users Managed Through Azure AD?
What Settings Are Required If Single Sign-On Is Not Used?
What Does The Link With Azure AD Do?
The link with Azure AD uses the SCIM provisioning protocol to manage Tribe CRM users automatically. Actions such as creating, updating, blocking, and deleting users are handled in Azure AD and synchronised with Tribe.
Tribe CRM receives updates from Azure AD when a user is created, updated, blocked, or deleted. When a new user is created in Azure AD, Tribe checks whether the email address already exists. If it does, the Azure user is linked to the existing Tribe user. If it does not, a new user and employee record are created in Tribe.
When a user is blocked or deleted in Azure AD, the user is marked as blocked in Tribe CRM. After automatic creation, a Tribe administrator assigns the required roles to set the correct permissions.
How Do You Activate The Link In Tribe CRM?
Log in to Tribe CRM.
Click Marketplace.
Open the Identity Management tab.
Select Azure SCIM.
Activate the link.
Copy the Tenant URL and Secret Token.
These values are required when configuring Azure AD.
Note: If you are not using Single Sign-On, enable Email Recovery Password so new users receive an activation email from Tribe.
How Do You Configure Azure AD For SCIM Provisioning?
Open the Azure Active Directory Admin Centre.
Select Enterprise Applications.
Click + New Application.
Select + Create Your Own Application.
Enter an application name, such as TribeCRM-SCIM.
Select Integrate Any Other Application You Don’t Find In The Gallery (Non-Gallery).
Click Create.
Once the application is created:
Open Provisioning.
Select Provisioning under Manage.
Change Provisioning Mode to Automatic.
Enter the Tenant URL and Secret Token from Tribe.
Click Test Connection.
Click Save when the connection is successful.
Next, configure provisioning behaviour:
Open Mappings.
Set Provision Azure Active Directory Groups to No.
Set Provisioning Status to On.
Click Save.
Finally, assign users:
Open Users And Groups.
Click + Add User/Group.
Select the required users or groups.
Click Assign.
Assigned users are automatically created in Tribe CRM.
Note: Provisioning may take some time. You can monitor progress via Audit Logs in Azure AD.
How Are Users Managed Through Azure AD?
User access is controlled from Azure AD after the link is active.
Creating a user in Azure AD creates or links a user in Tribe.
Updating a user updates the linked Tribe user.
Blocking or deleting a user in Azure AD blocks the user in Tribe.
If a user’s email address changes in Azure AD, it must be updated manually in Tribe CRM. If the Azure username is a valid email address, it is used as the Tribe username. If not, the primary email address is used. If neither is available, user creation fails.
To remove access, delete the user or group assignment in Users And Groups.
What Settings Are Required If Single Sign-On Is Not Used?
When Single Sign-On is active, users do not need a Tribe password. If Single Sign-On is not used, enable Email Recovery Password in the Azure SCIM settings in Tribe.
When a new user is created in Azure AD, Tribe sends an email prompting the user to set their password before logging in.
Quick Summary
Linking Tribe CRM with Azure AD using SCIM automates user management from Azure AD. Users are created, updated, blocked, or removed in Tribe based on Azure AD actions. After activation, administrators manage access centrally while Tribe stays synchronised automatically.