The following provisioning features are supported when using provisioning from Azure to Peakon:
- Create Users: New or existing users in Azure will be pushed to Peakon as new employees.
- Update User Attributes: Updates to user profiles in Azure will be pushed to Peakon.
- Deactivate Users: Users deactivated in Azure will be automatically disabled in the Peakon, and will not be included in any engagement surveys beyond the point of deactivation. If reactivated, users will again start receiving scheduled engagement surveys.
Once connected, Azure AD runs a synchronisation process every 40 minutes where it queries the Peakon’s SCIM endpoint for assigned users and groups, and creates or modifies them according to the assignment details.
The following Azure AD attributes will be synchronised to Peakon:
- First name
- Last name
- Employee number
In addition, custom attributes can be added to Azure to sync information like department, manager, date of birth and more to Peakon. See the Mapping Attributes section of this article for more details.
As an administrator of Peakon, you will need to enable the employee provisioning integration before enabling provisioning in Azure AD.
You can do this by following these steps:
Log into your Peakon account at https://app.peakon.com
- Go to Administration > Integrations > Employee provisioning
Click Connect and you will see the below fields
3. Configuration steps
You are now ready to configure Azure to provision users to Peakon:
1. Navigate to Azure Active Directory using the menu bar on the left.
2. Navigate Enterprise Applications. If you have already configured Peakon for single sign-on (see Set up single sign-on with Azure AD through the App Gallery) then you should have Peakon listed. If not, please create a New Application using the menu at the top:
Use the App Gallery to browse for Peakon.
3. Once the App is created, navigate to Provisioning.
4. Select Automatic as the Provisioning Mode.
5. You will now need to add the SCIM URL from Peakon as the Tenant URL. This should be https://api.peakon.com/scim/v2.
5. Now, copy the OAuth Bearer Token from the Peakon settings page (in the Prerequisites step) as Secret token. Click on Test Connection to validate the connection.
6. Optionally, add an email address to receive notifications if an error occurs.
4. Mapping Attributes
Under the Mappings section, select Synchronize Azure Active Directory Users to Peakon.
The default mappings will be shown.
You can add additional mappings by clicking on Show Advanced Options > Edit attribute list.
6. Adding Custom Attributes
Adding attributes such as Employee Number, Manager and Department requires the use of the SCIM enterprise attribute extension.
- As an example, Department would be: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:Department
- For adding custom attributes that exist in Peakon, make sure you follow the Peakon extension. As an example, Job Title would be: urn:ietf:params:scim:schemas:extension:peakon:2.0:User:Job Title
Once you have added the correct extension and attribute name, choose the Data Type (e.g. string, integer, boolean, datetime etc).
You then need to map this to the matching field in Azure Active Directory. To add the mapping, click on Add Mapping.
The source attribute is from Azure and target is the attribute in Peakon.
Once the attributes are mapped, scroll down and set the provisioning status to On. Click Save to complete configuration.