Table of contents

This article aims to provide you with a guide on how to enable Azure Provisioning for Happeo.

To learn how to set up the Microsoft integrations inside Happeo, please see this article.

In short

To enable Azure AD Provisioning of users and groups:

  • You will need an Azure AD enterprise application, which must be created in your Active Directory
  • You need to be an administrator of your organization in Happeo in order to get provisioning credentials

Create a Happeo enterprise application in Azure

  1. Go to your Azure Portal
  2. Select Azure Active Directory
  3. Under Azure Active Directory, navigate to Enterprise applicationsAzure_AD_Provisioning_in_Happeo_1.png
  4. Under the All applications tab, click on New applicationAzure_AD_Provisioning_in_Happeo_2.png
  5. You will be taken to Browse Azure AD Gallery. Select Create your own application
  6.  Input the name of your app (for example “Happeo Sync”)
  7. Select Integrate any other application you don't find in the gallery
  8. Then click on the Create buttonAzure_AD_Provisioning_in_Happeo_3.png
  9. Once the application is created in a few seconds, you will be taken to the OverviewAzure_AD_Provisioning_in_Happeo_4.png

Obtaining the provisioning credentials from Happeo

  1. Log in with your account to
  2. Go to Admin Settings in the top right corner
  3. Select Integrations and click on the Setup button for Azure ProvisioningAzure_AD_Provisioning_in_Happeo_19.png
  4. (Optional): A modal will pop up asking for your Azure AD tenant ID if we cannot find it
  5. A modal will pop up containing two fields: tenant URL and tenant secret. These will need to be copied to the Azure side into the enterprise application

Enable provisioning for the application

This section has been referenced from this link.

Admin credentials

  1. In the Happeo enterprise application (that you have created), go to the tab Provisioning and click on the Get started buttonAzure_AD_Provisioning_in_Happeo_6.png
  2. Set Provisioning Mode to Automatic
  3. Fill in the Tenant URL and Secret Token that you obtained previously from Happeo
  4. Click on the Test Connection button to verify your Tenant URL and Secret Token
  5. You should receive a success notification. Then click on the Save button to save the configurationAzure_AD_Provisioning_in_Happeo_7.png

Troubleshooting: If the testing is not successful, please retrace your steps. If testing continues to not succeed, please contact our support team.



One attribute mapping must be changed for users to provision correctly.

  1. In the Edit provisioning tab, click on Mappings and then click on Provision Azure Active Directory Users
  2. On this page, we need to change the existing mapping for mailNickame (source) to externalId (target). To do that, click on the row showing that mapping to edit it, and change the source attribute to objectId in the “edit attribute” side-panel. Verify that the target attribute is still externalId
  3. Click “Ok” and verify that the mapping now is from objectId (source) to externalId (target)Azure_AD_Provisioning_in_Happeo_8.png
  4. Save the changes

If for some reason the original mapping does not exist, then you should create a new one, which maps the source attribute objectId to the target attribute externalId.


Two attribute mappings must be created and added in case groups are used in Azure AD.

  1. In the Provisioning Mapping section, click on Provision Azure Active Directory GroupsAzure_AD_Provisioning_in_Happeo_12.png
  2. Check the box Show advanced options and click on Edit attribute list for customappssoAzure_AD_Provisioning_in_Happeo_10.png
  3. Create the following two attributes:
    Name Type




  4. Then click on the Save button. You will be taken back to the Attribute Mapping screen for Groups
  5. Now we need to add two new mappings corresponding to these two newly created attributes. Click on Add new mapping and set the source attribute to be mailEnabled and the target attribute to be the newly created attribute urn:ietf:params:scim:schemas:extension:happeo:2.0:Group:emailEnabled. Click “Ok”
  6. Repeat this, setting the source attribute this time to be mail and the target attribute urn:ietf:params:scim:schemas:extension:happeo:2.0:Group:email
  7. After you have added these two mappings, don’t forget to save the changes. The screenshot shows what you should end up with as mappingsAzure_AD_Provisioning_in_Happeo_11.png

Specify users and groups to provision

This is done by first allowing the enterprise application to sync all users and groups, then adding scoping filters.

Sync all users and groups

  1. In the Provisioning Settings section, choose Sync all users and groups for scope
  2. Click on the Save button to save the changesAzure_AD_Provisioning_in_Happeo_12.png

Scoping filters

This section has been referenced from this link.

  1. In the Provisioning Mappings section, click on Provision Azure Active Directory Groups or Provision Azure Active Directory Users to manage scoping filters on groups or usersAzure_AD_Provisioning_in_Happeo_13.png
  2. You will be taken to the Attribute Mapping view. Click on Source Object ScopeAzure_AD_Provisioning_in_Happeo_14.png
  3. You will be taken to the Source Object Scope view. Click on Add scoping filterAzure_AD_Provisioning_in_Happeo_15.png
  4. Specify the Filtering Criteria
  5. Provide a Scoping Filter Title
  6. Click on the Ok button to save the scoping filterAzure_AD_Provisioning_in_Happeo_16.png

You will see the new scoping filter in Source Object Scope and you can continue adding more scoping filters.Azure_AD_Provisioning_in_Happeo_17.png


Start provisioning

  1. Go back to the Provisioning menu. You should see the configured provisioning
  2. Tap on the Start provisioning button to start the automatic provisioning from Azure AD to Happeo Azure_AD_Provisioning_in_Happeo_18.png