Docs

Search

Help & Feedback

Home
Essential Knowledge
By Type
Building Blocks
APIs
Releases

SCIM Connector Roles Configuration

How-to Guide

Author:

Fluent Commerce staff

Changed on:

9 Feb 2024

Key Points

When an enterprise application needs to be configured in Azure, App roles need to be added on Azure Active Directory, and dynamic roles need to be set up on Fluent OMS.
it’s possible to manage the roles individually or via Group management on Microsoft Entra.

Steps

Prerequisites

You have an enterprise application to configure in Azure. You can go here for how to create an application
Understand the definition of App Role Convention

This page explains how to configure App Roles for an enterprise application in Azure Active Directory and Dynamic Roles in Fluent Commerce.

App Roles Configuration

Note

For further information about how to setup roles in Azure Active Directory, you can go here

This is how to configure the application roles following the App Role Convention:

Step 1

Go to Microsoft Azure portal.

Step 2

Select Enterprise applications then select your enterprise application.

Step 3

Select User and groups then Application Registration.

No alt provided

Step 4

Select Create app role CTA.

No alt provided

Step 5

Fill in the form and click Apply CTA

Please ensure the Value field in the form following the App role convention:
<FLUENT_CONTEXT_TYPE>_<FLUENT_CONTEXT_ID>_<FLUENT_ROLE_ID or IDP_LOGICAL_ROLE_ID>

Note: The display name itself could be anything explanatory. It is the “value” which should follow the pattern.

No alt provided

Step 6

Review the role which has just been created

No alt provided

Dynamic Roles Configuration

Note

Follow the steps given above under App Roles Configuration and create a new role like AGENT_4_Store_Colleague . Make a note of the dynamic app role Id ( in this example Store_Colleague ) , which will be used in the setting configuration detailed in the steps below.

Step 1

Go to Settings in OMS, find and open the key

`fc.connect.scim-connector.provisioning.pipeline.config`

Step 2

Make sure to configure inside rules: the elements below:

```
`"condition"`
```
: a fixed text
```
`"type": "HAS_APP_ROLE"`
```
: a fixed text
```
`"appRole"`
```
: is the IDP Logical role defined in App Roles Configuration section that will be translated from.
```
`action`
```
: a fixed text
```
`"type": "MAPPING_ROLE_ASSIGNMENT"`
```
: a fixed text
```
`"sourceAppRole"`
```
: is the IDP Logical role defined in App Roles Configuration that will be translated from.
```
`"targetRoles"`
```
: is a list of Fluent roles defined in OMS > Admin > Settings > Roles & Permissions that will be translated to.

You can configure many rules as required.

No alt provided

1{
2    "rules": [
3        {
4            "condition": {
5                "type": "HAS_APP_ROLE",
6                "appRole": "Store_Colleague"
7            },
8            "action": {
9                "type": "MAPPING_ROLE_ASSIGNMENT",
10                "sourceAppRole": "Store_Colleague",
11                "targetRoles": [
12                    "STORE",
13                    "CUSTOMER_COLLECTION_MANAGER",
14                    "RETURNS_MANAGER"
15                ]
16            }
17        },
18        {
19            "condition": {
20                "type": "HAS_APP_ROLE",
21                "appRole": "Dat_Test"
22            },
23            "action": {
24                "type": "MAPPING_ROLE_ASSIGNMENT",
25                "sourceAppRole": "Dat_Test",
26                "targetRoles": [
27                    "STORE",
28                    "CUSTOMER_COLLECTION_MANAGER",
29                    "GRAPHQL"
30                ]
31            }
32        }
33    ]
34}

Language: json

Name: Sample

Description:

[Warning: empty required content area]

User Management

Step 1

How to manage a user Add or delete users - Microsoft Entra

Step 2

How to assign roles to user Manage Azure AD user roles - Microsoft Entra

Step 3

How to provision on-demand Provision a user or group on demand using the Azure Active Directory provisioning service - Microsoft Entra

Group Management

Step 1

How to manage a group How to manage groups - Microsoft Entra

Step 2

How to assign roles to groups: The same steps of “How to assign roles to the user,” but instead of selecting users, you can select the groups and continue assigning roles to them.

Step 3

How to provision a group: Fluent SCIM connector does not support provisioning groups

Related content

SCIM Connector Features

Edited 248 days ago

There are a number of features provided as part of the SCIM Connector.

SCIM Connector Architecture

Edited 243 days ago

The integration between Azure Active Directory (or any other Identity Manager supporting SCIM 2.0 Specification) and the Fluent Commerce platform is done via a new component referenced further as Fluent Commerce SCIM Connector.

SCIM Connector Provisioning Configuration

Edited 248 days ago

Fluent Commerce staff

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.