Provision and manage users from Azure AD

Joan uses a System for Cross-Domain Identity Management (SCIM) to enable the automatic provisioning of users from Azure AD (AAD). When enabled, all user management will be done only in Azure AD and disabled on Joan's side.

To establish automatic provisioning of the users please follow the provided instructions below.

Enable SCIM integration in the Joan Office portal

Create a new enterprise application in Azure AD

Create Joan SCIM Azure AD application

Configure Mapping

Configure Roles

Adding Users and Groups

Configuring Departments

More information on the SCIM integration can be found in a Microsoft guide here.

Enable SCIM integration in the Joan portal

Navigate to Settings --> Integrations and click on SCIM. When a new window opens, enable the integration and generate a new token. That token will be used to authenticate the connection between Azure AD and Joan.


Create a new enterprise application in Azure AD

Login to your Azure Portal account and navigate to the Active Directory section.

Continue to the Enterprise applications section to create a new non-gallery application.

1_korak_kreiranje_SCIM aplikacije

Configure Joan SCIM Azure AD application

Go to the Provisioning section of the newly created application to connect it to your Joan account.

Make sure to set:

- Provisioning Mode to Automatic

- Tenant URL:

- Secret Token: Copied from the Joan SCIM configuration page

Click on Test Connection to confirm that the connection between your Azure AD and Joan is functional. After confirming that the connection works, click Save. Once Save is clicked, additional options will appear below the Admin Credentials option.


Configure Mapping

Joan supports the mapping of Users, while Group Mapping is currently not available.
To disable the Group Mapping, we will first have to add one active user under the "Users and groups". To do so, please check the step Adding Users and Group

Once the user is added we can proceed with disabling the Group Mapping. Please click on "Provision Azure Active Directory Groups" and disable it. Also, make sure to enable the Provisioning Status, while we're at it.


The next step is to map Azure user attributes to Joan ones. Click on "Provision Azure Active Directory Users" and set the attribute mappings as per the table below. Joan supports the following mapping user attributes: Users (Create, Update, Delete).

By default, Azure should already set everything correctly except the objectId -> externalId mapping. In our case, please select objectId instead of the mailNickname.


Please also make sure that following mapping is added:

  1. Click on Add New Mapping
  2. For Mapping type select Expression
  3. In Expression field paste -> Switch(SingleAppRoleAssignment([appRoleAssignments]), "", "Admin", "Office Manager")
  4. For Target attribute select userType
  5. Click Ok and Save


To make sure all of the attributes are set correctly please check the below table:

Azure attribute Joan


userPrincipalName userName 1

Switch([IsSoftDeleted], , "False", "True", "True", "False")

givenName name.givenName  
surname name.familyName  
objectId externalId  
Switch(SingleAppRoleAssignment([appRoleAssignments]), "", "Admin", "Office Manager") userType  
department urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department  

Configuring Roles

We currently support two roles - a User and an Office Manager.

To create the user roles please follow these instructions:

  1. Please go to App registrations and select the application created for the SCIM integration. NOTE: Don't forget to choose All applications if you can't see your app.
  2. Click on Create app role
  3. Make sure to put Admin as the value and as the display name. The description isn't important.


Adding Users and Groups

To add the users and groups from your Active Directory to the Joan Application please follow these instructions:

  1. Find the application that you previously created for Joan
  2. Go to Users and groups
  3. Click on +Add users/groups
  4. Select the Users/Groups you wish to add
  5. Select the role for the wanted user/group
  6. Click Assign

Note: When adding users, be careful that you are not provisioning the same account under a specific group or as a user 


If the users/groups that you previously added are not syncing, please try to provision them on demand.


Configuring Departments

To assign a department to the user please follow the instructions below:

  1. Navigate to your Joan SCIM AD Azure application
  2. Once there, go to Users and groups and then click on the user you wish to change
  3. When the Profile page opens, click on Edit
  4. Find the Department field in the section Job info and enter the department you wish to add the user to
  5. Save the configuration
  6. Once everything is set up, make sure that you start provisioning the users to the Joan Portal. Navigate to "Provisioning" and click "Start provisioning" and that is it!



If you encounter any issues, please contact