Settings
      Back to home
      1. Collaboard Help Center
      2. Administration
      3. Settings

      SCIM settings

      Learn how to set up SCIM to sync your AD users to Collaboard.

      Availability
      SCIM settings are available to Enterprise plans. Accessible for owners and managers.

      On premise customers: please start here.

      Connect to Collaboard's SCIM endpoint

      For an introduction to SCIM at Collaboard and to learn about the SCIM methods we support refer to this article. Return here for the setup.

      Login to your Collaboard account and navigate to Settings/ SCIM Settings:

      First step: Create the SCIM settings

      Click Create settings to get started. A side panel will open:

      SCIM Manager username
      You need to specify a user that will invoke the SCIM APIs. This user will simply get new permissions. You may use an existing user or create a new user dedicated for SCIM.

      You may define several users. This will NOT overwrite the existing SCIM manager, but rather add a new SCIM manager. Thus, there will be as many SCIM connections as there are SCIM managers.

      Depending on the auth method you will use to call the SCIM endpoint, the SCIM Manager user will actually need to login and create an API Key once. Thus, you might want to consider taking a user with login credentials.

      Licensed groups
      SCIM will sync your AD users with Collaboard. They will be free users without a license by default. There are two options to automatically assign licenses to your AD users:

      1. Using the licensed groups for SCIM: simply type the exact name of the AD groups that contain the users that you want to receive a license from your subscription.
      2. Auto-assign license to ALL new users: if you want all your users to receive a license, you do not need to specify licensed groups. During your onboarding we will ask you, whether you want to enable this feature and thus configure your tenant accordingly.
        Beware: each user that is synced will get a license. There will be no free users.

      Saving the settings will result in this summary:

      Now, you are ready to establish the SCIM connection.

      You may edit or delete your settings at any time.

      Deleting the settings will remove the SCIM manager permission from the user you had specified and thus revoke the auth token.

      Second step: Authenticating at the SCIM endpoint

      To call the SCIM endpoint you need to have an auth token. 

      There are two options to get an auth token to call the SCIM endpoint:

      1. get a never expiring auth token (e.g. used by Azure AD):
        Review your SCIM settings and click Generate auth token

        The token is now in memory and will not be stored. You need to copy it. Once you have confirmed the copy action the modal will close. There is NO way to access the token again. If you have lost the token, delete the SCIM settings and start over.

        The token is valid for five years. Handle the token with care! ANYONE with the token can make a SCIM call on behalf of the SCIM manager. If you have lost the token or suspect misuse, delete the SCIM settings and start over with a NEW user. If you use the old user again, the original token will be reactivated.

        Next, use the auth token as the bearer token in the Authorization header for the SCIM calls at your provisioning application. This will establish the connection with our SCIM endpoint.

      2. get a real time auth token
        Create an API Key with the SCIM Manager user and use the API key to call our public API.
        Next, use the auth token as the bearer token in the authorization header for the SCIM calls at your provisioning application. This will establish the connection with our SCIM endpoint.

      You are all set now.

      The SCIM sync will run whenever you call the SCIM endpoint. There is no rate limit.