SCIM integration (user provisioning)

Why use the SCIM integration?

If you have groups of users that wish to use different Subscription Plans (e.g. ‘Ampler Professional for PowerPoint’ and ‘Ampler Suite’), then you can manage this in Ampler by creating a Team for each Subscription Plan. However, this creates a maintenance burden since you now have to manage which user should be assigned to which Team. To ease this burden and make everything manageable from within your existing IdP (e.g. Microsoft Entra ID / Azure AD), you can set up the SCIM integration in Ampler. The SCIM integration allows you to sync members of 1 AD Group to 1 Team in Ampler. Thus, when you add new users to the AD group in your IdP, these users will automatically be associated to the correct Ampler Subscription Plan.

Steps to enable the SCIM integration

To enable the Ampler SCIM integration, please follow these steps:

1. Navigate to https://portal.azure.com > Microsoft Entra ID
2. Ensure that you have created an AD Group for each Team that you have in Ampler. For each AD Group, note down the Group’s Object ID.
3. Navigate to https://my.ampler.io, log in, and click on ‘Manage’ next to your license
4. Scroll down to the ‘SCIM Integration’ section and:

   • Fill in the Group Object IDs next to each corresponding Team.

     The AD Group in Microsoft Entra ID doesn’t need to have the same name as the Team in Ampler.

   • Click ‘Regenerate SCIM token’ and copy the token.
   • Click ‘Save integration settings’.
5. Navigate to https://portal.azure.com > Microsoft Entra ID
6. Go to ‘Enterprise applications’ (NB: not ‘App registrations’)
7. Click ‘Create your own application’
8. Name it ‘Ampler’
9. Choose ‘Integrate any other application you don’t find in the gallery (Non-gallery)’
10. Click ‘Create’
11. In the newly created Enterprise Application, select the ‘Provisioning’ tab in the left menu
12. Click on ‘Connect your application’ and fill out the following:
• Tenant URL: https://api.ampler.io/scim
• Secret token: Paste the token you copied earlier
• Click ‘Test connection’ and if successful click on ‘Create’
13. Now go to ‘Manage’ > ‘Users and groups’ in the left menu
14. Add the Groups which you want to synchronize to Ampler.
15. Now go to ‘Manage’ > ‘Provisioning’ in the left menu
16. Set ‘Provisioning Status’ to ‘On’, then click ‘Save’.
17. Microsoft Entra ID will now periodically sync the Group membership state to Ampler, and your users will automatically have access to the correct Ampler products.

What user information does Ampler store when using the SCIM integration?

We only store each user’s UPN. When using the SCIM integration, we do not store any additional user information that we wouldn’t store if you didn’t use the SCIM integration. Ampler utilizes the user’s UPN to uniquely identify a user being assigned to a seat. The UPN may or may not correspond to the user’s e-mail address. That depends on how you have set it up in your IdP.

Should I use SCIM if all my users are on the same subscription plan?

No. In this scenario you can simply deploy Ampler and each user will automatically take up a single seat on your company license. There is no reason to provision users if they are all on the same Subscription Plan.