SCIM 2.0, the System for Cross-domain Identity Management open standard, allows for user identity information management between cloud systems. Talkdesk® enables automatic and simplified user management through the SCIM 2.0 protocol.
Over the SCIM API, Talkdesk receives the following user information, creating the user based on it: first name, last name, and e-mail address. By default, the user status is "active", which means that the licensing is automatically consumed on provisioning.
Prior to initiating the configuration, please ensure the necessary credentials to provide the service are available (OAuth token), and that enough licenses exist at Talkdesk for all the users. If at the end of the procedure, some users are provisioned with the “Deactivated” status in your Microsoft ADFS console, it may be due to the lack of licenses for all new users. In this case, please check the complete information in Agents and Licenses.
Notes:
- The SCIM API does not work for Talkdesk Phone user creation.
- The rate limit for this API is 4 requests per second, if you encounter a 429 response status code (Too many requests), please retry within the next second.
Managing Users via SCIM 2.0 with Microsoft Entra ID
Talkdesk supports the users' resources with the SCIM API, allowing read, create, update, and delete operations.
In order to manage users via SCIM 2.0 with Talkdesk check this Microsoft Entra ID.
Next, please follow these steps:
- Sign in to the Microsoft Entra ID portal.
- Select Enterprise applications from the left pane.
- Select + New application > All > Non-gallery application (available in the old gallery. experience) or select Create your own application (select also “Integrate any other application you don’t find in the gallery”).
- Create > Define the name of your application.
- In “Assign users and groups” define the users you wish to have provisioned.
- Select Provisioning User Accounts.
- Select Configure automatic provisioning (right side of the screen) > Get Started.
- In Provisioning Mode select Automatic.
- In the Tenant URL field, enter Talkdesk’s SCIM endpoint: https://api.talkdeskapp.com/scim/v2.
- Copy the required OAuth bearer token into the optional Secret Token field.
- Test the connection.
- You can also define a Notification Email for failed operations.
- Save the application (top left corner of the page).
- In Mappings, you should have the following information:
customappsso Attribute | customappsso Attribute |
userPrincipalName | userName |
Switch([IsSoftDeleted], , "False", "True", "True", "False") | active |
givenName | name.givenName |
surname | name.familyName |
objectId | externalId |
SingleAppRoleAssignment([appRoleAssignments]) *This field is not mandatory, it should only be used in case you want to assign the Role for the User. Note: If the Role field is empty, Talkdesk will create the user with the default Role Agent. |
urn:ietf:params:scim:schemas:extension:talkdesk:2.0:User:rolesString |
Alter the Provisioning Status to On and Save.
How to Get Access to the SCIM API
Setup and enablement are conducted by Talkdesk. Please reach out to us if you wish to use this feature.
Token Renewal
Talkdesk SCIM API offers out-of-the-box integration with Microsoft Entra ID.
For SCIM API, the default token duration for the SCIM API OAuth client is 30 days. This means you will have to renew the token every 30 days. For more information, refer to Authentication.