SCIM rules
A SCIM rule describes users in their SuperOffice CRM Online tenant.
The SuperOffice Identity Manager gives administrators access to a wizard where they can configure rules for how users shall be configured in our system.
The Azure portal sets the mapping from Microsoft Entra ID (formerly AAD) to the SCIM schema.
The SuperOffice Identity Manager sets the mapping from the SCIM schema to SuperID user accounts.
Rule-based user selection
The set of rules in SCIM defines a subset of users that will be synchronized into SuperOffice.
Only users who are affected by at least one rule will be sent to SuperOffice. For example, if an organization has 100 users and 10 groups, and there is only one rule with the condition In group = Group1, only users who are members of Group1 will be synchronized. The remaining users will be ignored, even if they are sent to SCIM from Entra ID.
User selection happens in two steps:
- In Microsoft Entra ID, by selecting which users or groups to provision to SCIM.
- In SCIM, by applying one or more rules that determine if a user is included.
If there is at least one active rule with NotInGroup scope, all users in the tenant will be synchronized.
Property updates
As of version 10.5.2, SCIM will not change a property unless there is a rule that explicitly sets a value. This applies only to properties that are controlled by SCIM rules.