With this integration you can automatically provision and deprovision employee accounts – keeping Peakon survey participation in sync with any system supporting the SCIM protocol, including Microsoft Azure Active Directory and more.

This method supports multiple systems to update and sync employee records.

About SCIM 2.0

SCIM 2.0 is a specification of a REST-like protocol for one-directional provisioning of users over HTTP. Your existing identity management system can be configured to automatically synchronize changes made to its database to a third party application like Peakon.

In the SCIM protocol, the central identity management system is called the identity provider and the third party application is called a service provider. By configuring Peakon as a service provider with your existing identity management system, your organization will be able to take full advantage of automatic account provisioning.

Supported operations

Peakon supports the following set of operations in the SCIM 2.0 protocol:

• Creating users (email, first and last name)

• Updating users (email, first and last name)

• Deleting users

• Activating/deactivating users

• Bulk operations for users

Group-related operations are currently not supported.

Configuration

As an administrator of Peakon, you will need to enable the employee provisioning integration before enabling provisioning in Okta.

You can do this by following these steps:

1. Log into your Peakon account at https://app.peakon.com

2. Go to Administration > Integrations > Employee provisioning

3. Click Connect and you will see the below fields

From this page use the SCIM URL and OAuth Bearer Token below to configure your SCIM 2.0 Identity Provider to automatically sync changes to Peakon.

For full documentation of our employee provisioning API, read our User provisioning integration guide.

On-premise vs. Azure Active Directory

User provisioning through SCIM 2.0 is only available through the hosted AD version called Azure Active Directory. If you are currently using an on-premise Active Directory solution it will need to first be configured to sync its data to Azure Active Directory using Azure AD Connect, as described What is hybrid identity with Azure Active Directory?.

When configuring Azure AD for provisioning, it is important to only enable syncing of Users, but disable Groups. Peakon does not support SCIM groups at this time, so it will not reflect groups as defined in Azure AD.

Troubleshooting

Q: I am using Azure AD and users are not being created/updated as expected? 

A: Check that you have configured Azure AD to use the base SCIM URL without the /scim/v2 path at the end, as Azure appends this automatically.