This guide explains how to create an Azure AD app to provision Cmd accounts.
Global admin privileges are required to enable SCIM in Cmd.
- This process works as long as the Azure AD accounts have a primary email. In our testing, we achieved this by inviting existing Azure accounts to Azure AD.
- Because of how Azure batches SCIM synchronization, new accounts may not be provisioned for up to 40 minutes.
- In the Cmd web app, go to global security settings and scroll down to the 'SCIM' section.
- Select enable SCIM, then save a copy of the Tenant URL and Secret token (or keep this page open). You will provide them to Azure later.
- In the Azure Portal, navigate to 'Azure Active Directory', then 'Enterprise applications'.
- Click + New application.
- Select Non-gallery application, then name your new app (e.g. 'Cmd'), and click Add.
- In the overview for your new application, go to the Provisioning section.
- Enter the Tenant URL and Secret token you got from Cmd, set the 'Provisioning Status' to On, then click Save.
How to provision users and user groups
Follow these steps to create Cmd accounts for Azure users.
- To add individual users to Cmd, follow Microsoft's instructions to add users to your Azure app.
- Once you add a user to the Azure app, Cmd will provision their account.
Groups of users
- To add groups of users to Cmd, follow Microsoft's instructions to add user groups to your Azure app.
- Users added in this way will get Cmd accounts with server operator privileges. To grant them different privileges, edit their account in the Cmd web app.
- They will also have a role associated with their Cmd accounts. The role comes directly from the "name" property of the Azure user group.
- To assign a user multiple roles, just assign them to multiple Azure groups with the desired Cmd roles as their group names, and add all the groups to Cmd.
- Confirm that the new users appear on the Cmd web app in the 'Users & roles' settings page.
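
The confirmation step can be done as a reconciliation between what Azure is expected to provision and what actually appears in Cmd. The following is an added example, not part of Cmd or Azure tooling: the input shapes, field names and sample values are constructed, and treating individually added users as having no role is an assumption (the guide only describes roles for group assignments).

```python
# Constructed sample data: groups and users assigned to the Azure app.
ASSIGNED_GROUPS = [
    {"name": "db-admins", "members": ["alice", "bob"]},
    {"name": "auditors", "members": ["bob", "carol"]},
]
ASSIGNED_USERS = ["dave"]  # users added to the app individually
DIRECTORY = {  # constructed directory lookup: account -> primary email
    "alice": {"mail": "alice@example.com"},
    "bob": {"mail": "bob@example.com"},
    "carol": {"mail": None},  # no primary email, so not provisionable
    "dave": {"mail": "dave@example.com"},
}
# Constructed copy of what the 'Users & roles' page shows: email -> roles.
CMD_USERS = {
    "alice@example.com": ["db-admins"],
    "bob@example.com": ["db-admins"],
    "old-contractor@example.com": ["db-admins"],
}

def expected_cmd_accounts(groups, users, directory):
    """Return ({email: sorted roles}, [accounts skipped for lacking an email])."""
    roles = {u: set() for u in users}  # assumption: no role without a group
    for group in groups:
        for member in group["members"]:
            # Role name is the Azure group name; several groups give several roles.
            roles.setdefault(member, set()).add(group["name"])
    provisioned, skipped = {}, []
    for account, account_roles in sorted(roles.items()):
        mail = (directory.get(account) or {}).get("mail")
        if not mail:
            skipped.append(account)
            continue
        provisioned[mail] = sorted(account_roles)
    return provisioned, skipped

def diff_against_cmd(expected, cmd_users):
    """Return (missing, unexpected, role_mismatch) lists of email addresses."""
    missing = sorted(set(expected) - set(cmd_users))
    unexpected = sorted(set(cmd_users) - set(expected))
    role_mismatch = sorted(
        m for m in expected
        if m in cmd_users and sorted(cmd_users[m]) != expected[m]
    )
    return missing, unexpected, role_mismatch

if __name__ == "__main__":
    expected, skipped = expected_cmd_accounts(ASSIGNED_GROUPS, ASSIGNED_USERS, DIRECTORY)
    print("skipped (no primary email):", skipped)
    print("missing / unexpected / role mismatch:", diff_against_cmd(expected, CMD_USERS))
```

An account reported as missing may simply be inside the synchronization delay of up to 40 minutes; an unexpected account or a role mismatch is worth reviewing against the Azure assignments.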
You can also read a full example of how to use Cmd roles to grant varying permissions.
To learn more about third-party integrations, including other SCIM providers, see the