This guide explains how to create an Azure AD app to provision Cmd accounts.

Prerequisite

Global admin privileges are required to enable SCIM in Cmd.

Limitations

  • This process works as long as the Azure AD accounts have a primary email. In our testing, we achieved this by inviting existing Azure accounts to Azure AD.
  • Because of how Azure batches SCIM synchronization, new accounts may not be provisioned for up to 40 minutes. 

Table of Contents

 
Cmd setup

  • Select enable SCIM, then save a copy of the Tenant URL and Secret token (or keep this page open). You will provide them to Azure later.

 

Azure setup

  • In the Azure Portal, navigate to 'Azure Active Directory', then 'Enterprise applications'.
  • Click + New application:
  • Select Non-gallery application, then name your new app (e.g. 'Cmd'), and click Add. 
  • In the overview for your new application, go to the Provisioning section
  • Enter the Tenant URL and Secret token you got from Cmd, and set the 'Provisioning Status' to On, then click Save: 

 

How to provision users and user groups

Follow these steps to create Cmd accounts for Azure users. 

Cmd accounts created using SCIM start with server operator privileges. To grant different privileges, admins can edit accounts in the Cmd web app.

Individual users

  • To add individual users to Cmd, follow Microsoft's instructions to add users to your Azure app.
  • Once you add a user to the Azure app, Cmd will provision their account.

Groups of users

  • To add groups of users to Cmd, follow Microsoft's instructions to add user groups to your Azure app.
  • Users added in this way will get Cmd accounts with server operator privileges. To grant them different privileges, edit their account in the Cmd web app.
  • They will also have a role associated with their Cmd accounts. The role comes directly from the "name" property of the Azure user group:
  • To assign a user multiple roles, just assign them to multiple Azure groups with the desired Cmd roles as their group names, and add all the groups to Cmd. 

You can also read a full example of how to use Cmd roles to grant varying permissions.

  

Related resources:

To learn more about third-party integrations, including other SCIM providers, see the
integrations overview

Did this answer your question?