If you use Azure as your identity provider, please follow this guide to set up the SCIM protocol for your Tomorro organization.
Please note: only an admin can manage these settings on Tomorro.
If you're already using a Tomorro application for, say, a SAML connection, go straight to step 2.
Step 1 - Create an application on Azure
Log in to your Azure account, then:
Go to the Enterprise applications section > Click on the "New application" button
Then click on "Create my own application"
Choose the name of your application, "Tomorro" for example, and select the "Integrate with any other application" option. Click on "Create".
Step 2 - Configure SCIM settings for the app
Go to "Provisioning" in the left-hand menu
Fill in the information from Tomorro's SCIM module, copying and pasting the information from the integration module into Azure, then test the connection
Once tested, save the information
A "Mappings" section should then appear below the test button, allowing us to continue with the configuration
Step 3 - Configure user mapping
In this step, we'll update existing mappings, create the mapping to automatically assign Tomorro roles from Azure, and finally remove superfluous fields.
Open the user mapping section
1. Setting existing fields
Open the attribute whose customappsso is "userName" by clicking on its line
Make sure the information is filled in as shown below, in particular that the source attribute is set to "mail", then validate using the "Ok" button in the bottom left-hand corner
Also open the attribute whose customappsso is "externalId", and make sure the information is filled in as below, in particular that the source attribute is set to "objectId", then validate via the "Ok" button in the bottom left-hand corner
2. Assigning Tomorro roles via userType
To set up a Tomorro role (admin, manager, contributor) directly from Azure, you'll need to add a new mapping: click on "Add New Mapping"
Fill in all the information as shown below, making sure that the target attribute is userType. As for the source attribute, this is any attribute you use on Azure. We've taken "jobTitle" as an example. But you could, for example, create a "tomorroRole" attribute
You can then fill in this attribute value from within Azure to indicate the role to be assigned in Tomorro, either from the user directly, or from an assignment to an Azure group. Here's an example of how to fill in the attribute from a user file for an admin role
The values to be entered in the attribute for the various Tomorro roles are as follows:
Azure attribute ➡️ Tomorro role
admin ➡️ Admin
manager ➡️ Manager
user ➡️ Contributor
3. Removing superfluous fields
Finally, delete all superfluous attributes using the "Delete" button at the far right of the line, to keep only the 6 attributes whose customappsso is userName, active, name.givenName, name.familyName, externalId and userType, then save using the button at the top left
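As an added example (not Tomorro's or Microsoft's code), the Python script below models the six mappings kept in this step and reports which Tomorro role each user would receive, so the role attribute values can be reviewed before automatic provisioning is enabled. The source attributes accountEnabled, givenName and surname, the function names and the sample users are assumptions; the guide itself only names mail, objectId and jobTitle.

```python
# Added example: models the six mappings from Step 3 for a pre-provisioning review.
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ROLE_ATTRIBUTE = "jobTitle"  # source attribute used in the guide's example
TOMORRO_ROLES = {"admin": "Admin", "manager": "Manager", "user": "Contributor"}  # matched exactly

def to_scim_user(azure_user):
    """Build the SCIM User resource the six kept mappings would produce."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": azure_user["mail"],          # userName <- mail
        "externalId": azure_user["objectId"],    # externalId <- objectId
        "active": azure_user["accountEnabled"],  # assumed source attribute
        "name": {
            "givenName": azure_user["givenName"],  # assumed source attribute
            "familyName": azure_user["surname"],   # assumed source attribute
        },
        "userType": azure_user.get(ROLE_ATTRIBUTE),
    }


def audit_roles(azure_users):
    """Return (role -> userNames, problems) for review before enabling provisioning."""
    by_role = {role: [] for role in TOMORRO_ROLES.values()}
    problems = []
    for user in azure_users:
        scim = to_scim_user(user)
        if not scim["userName"]:
            problems.append((scim["externalId"], "empty mail, so no userName"))
            continue
        role = TOMORRO_ROLES.get(scim["userType"])
        if role is None:
            problems.append((scim["userName"], f"unexpected userType {scim['userType']!r}"))
        else:
            by_role[role].append(scim["userName"])
    return by_role, problems


# Constructed sample directory entries (not real accounts).
SAMPLE_USERS = [
    {"objectId": "00000000-0000-0000-0000-000000000001", "mail": "alice@example.com",
     "givenName": "Alice", "surname": "Martin", "accountEnabled": True, "jobTitle": "admin"},
    {"objectId": "00000000-0000-0000-0000-000000000002", "mail": "bob@example.com",
     "givenName": "Bob", "surname": "Durand", "accountEnabled": True, "jobTitle": "Manager"},
    {"objectId": "00000000-0000-0000-0000-000000000003", "mail": None,
     "givenName": "Chloe", "surname": "Petit", "accountEnabled": False, "jobTitle": "user"},
]

if __name__ == "__main__":
    print(audit_roles(SAMPLE_USERS))
```

The check is deliberately strict: any value other than the three listed above, including a different capitalisation, is reported for review instead of being guessed.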
Step 4 - Enable automatic provisioning
Now return to the previous section via the breadcrumb. Then refresh the page if necessary after a few minutes to see the Tomorro application
Open the application.
Open the "Provisioning" section, then the "Provisioning" section again
Activate automatic provisioning, then save
Step 5 - Select the groups and users to be provisioned
Open the "Users and groups" section, then select "Add user/group"
Open the right-hand pane by clicking on "None selected" under "Users and groups". Then select a first group or test user in the right-hand pane. Save at the bottom of the panel
Confirm the operation by clicking on "Assign" in the bottom left-hand corner
All users and groups assigned in this way will be provisioned in Tomorro. If provisioning is via a group, the group will be created in Tomorro, and users added to this group
And that's it, the SCIM protocol is now enabled for Tomorro! 🚀
Additional information, our tips!
Groups created on Tomorro cannot be back-synchronized with Azure groups. We recommend that you recreate these groups from Azure, then use these new groups provisioned via SCIM to add access to the various Tomorro folders and templates. This is an initial investment that will save you valuable time in the long term, automating more granular access to Tomorro directly from Azure.
It may be clearer and more efficient to separate "access" and "role" groups. You could have different groups for your departments, or geographical areas, giving access to certain templates or parts of your contract library, and then have an "Admins" group and a "Managers" group that set the userType attribute.
Azure enables particularly precise and complex mappings. If this is important to you, please visit this Microsoft documentation directly.