Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Administrator H2L
  • All Products

Table of Contents

Search

  1. Abstract
  2. Supported Versions
  3. Setting up SCIM with Azure Active Directory

Setting up SCIM with Azure Active Directory

Setting up SCIM with Azure Active Directory

Back Next

Step 1. Create a provisioning app in Azure Active Directory

Step 1. Create a provisioning app in Azure Active Directory

Create an app in Azure AD to provision users and groups in
Informatica Intelligent Cloud Services
.
  1. Sign into Azure AD as an administrator and select
    Azure services
    Enterprise Applications
    .
  2. Select
    New application
    Create your own application
    .
  3. Enter a name for the app, select
    Integrate any other application you don’t find in the gallery
    , and click
    Create
    .
  4. In the left panel of the app, select
    Single Sign On
     and select
    SAML
    .
  5. On the
    Set up Single Sign-On with SAML
     page, configure the following settings, and then click
    Save
    :
    Setting
    Value
    Identifier (Entity ID)
    https://<organization ID>.<hostname>
    For example,
    https://12a3b4cdef5gh67ijklm8n.dm-us.informaticacloud.com/
    Reply URL (Assertion Consumer Service URL)
    <IICS base URL>/identity-service/acs/<organization ID>
    For example,
    https://dm-us.informaticacloud.com/identity-service/acs/12a3b4cdef5gh67ijklm8n
    Sign on URL
    <IICS base URL>/ma/sso/<organization ID>
    For example,
    https://dm-us.informaticacloud.com/ma/sso/12a3b4cdef5gh67ijklm8n
    You do not need to configure the
    Relay State
     or
    Logout Url
     here.
  6. On the
    User Attributes & Claims
     page, configure the attributes that you want to sync through the SAML token such as givenname, surname, and emailaddress.
  7. If you want to sync groups, create a group claim which sends the group external ID in the SAML response.
    App roles are sent in the SAML token by default, so you don't have to create a claim for roles.
  8. On the
    SAML Signing Certificate
     page, download the service provider metadata file as an XML file.
    You will use this file to set up SAML in
    Informatica Intelligent Cloud Services
    .
0 COMMENTS
We’d like to hear from you!
David Samuels - September 29, 2024

I see this step has us manually "create your own" enterprise application. The option to select "Informatica Intelligent Data Management Cloud" from the Microsoft Entra Gallery does NOT support SCIM provisioning - and cannot be changed to enable it - is this something that will be supported in the future? 

Without provisioning - the "Enable IDP to push..." box is not checked, and user attributes and group to role mappings are pulled from AD on authenticated logon vs pushed with provisioning.

Also, I have observed that when setting up claims for non SCIM provisioning, we needed add job title and phone number and enter the "claim name" vs the more intuitive "value" from step 7 graphic above in the Informatica- Administrator- SAML Setup-SAML Attribute Mapping page. The "user friendly" button didn't seem to work in populating attributes. In addition, the groups claim in step 7 needed an adjustment (per a blog entry I read) to use the last option - "Groups assigned to the application" and change the Source attribute selection to "Cloud-only group display names". This enables the name of the AD group to be entered under the Informatica SAML Setup section - SAML Group Mapping tab as the name of the AD group in each role line and creates the security group as that name vs the Entra ID group ID which is far less intuitive. I hope this information helps someone and clarifies their setup.

Informatica Documentation Team - September 30, 2024

Hi David,

Thanks for reaching out! We're not sure whether the option to select "Informatica Intelligent Data Management Cloud" from the Microsoft Entra Gallery does will support SCIM provisioning in the future. Can you please reach out to Informatica Global Customer Support with this enhancement request?

Thank you for sharing your other observations. If you have a specific request to update the content of this article, please let us know.