This guide will take you through the steps needed to perform in both Teamgo and Microsoft Entra ID to configure automatic user provisioning using a Custom Application in Azure Portal.
If you do not need group attributes or PIN support, please follow this guide instead.
When configured, provisions and de-provisions of users and groups to Teamgo using the Microsoft Entra ID Provisioning service.
Create users in Teamgo
Remove users in Teamgo when they no longer require access
Keep user attributes synchronized between Microsoft Entra ID and Teamgo
Synced users' notifications will be set based on default notification settings.
Single sign-on to Teamgo (recommended)
1. Enable Entra ID in Teamgo
Open a new browser tab/window, navigate to the Teamgo Integrations page (https://my.teamgo.co/integrations), click Enable or Configure on the Microsoft Entra ID integration, and copy the required credentials under the Credentials tab (Secret Token and Tenant URL).
Assigning Groups
Important: All mapping must be configured correctly prior to beginning full provisioning. If it's done afterward, Microsoft Entra ID does not resend users' details to Teamgo until a user's data is updated.
Under Assign groups based on Department Name OR Group, select Group name
Important Notes:
'Sync all users' will assign users to all kiosks.
'Sync and assign users to locations and kiosks as host' will assign Users based on the configured mapping. If no mapping is found for a particular user, they will still be synced without mapping.
'Assign default groups' = all users will be assigned to these groups
2. Microsoft Entra ID Configuration
Go to https://portal.azure.com and log in using your Azure administrator credentials and follow these steps:
2.1 Click on Enterprise applications to start creating a new custom app.
2.2 Click on the + New application option (Manage > All Applications sidebar option).
2.3 Enter a name for your application, select the Integrate any other application you don't find in the gallery (Non-gallery) radio button, and click Create.
2.4 In the application’s Manage section, click Provisioning.
2.5: Click + New configuration.
2.6 Copy and paste the Tenant URL and Secret Token from Step 1 into the New provisioning configuration form, and click Test Connection to verify.
If successful, click Create.
3. Setup Users Mapping
Follow the steps below to for User attribute mapping. You may skip this step if not required.
Important Notes:
Teamgo implement the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber data as the user PIN field. Map this field to your Microsoft Entra ID attribute if usage is required. The PIN field allows user to quickly check-in on the tablet kiosk.
3.1 Click on Manage -> Provisioning
Expand the Mapping accordion list to see options to configure Users and Groups.
3.2 To perform Attribute Mapping for Users, click on Provision Microsoft Entra ID Users
You may change the mapping or add new mapping as required.
Review the user attributes that are synchronized from Microsoft Entra ID to Teamgo in the Attribute-Mapping section. The attributes selected as Matching properties are used to match the user accounts in Teamgo for update operation.
The following attributes are supported.
Attribute | Type | Supported for filtering |
userName | String | ✓ |
active | Boolean |
|
displayName | String |
|
title | String |
|
emails[type eq "work"].value | String |
|
name.givenName | String |
|
name.familyName | String |
|
addresses[type eq "work"].streetAddress | String |
|
addresses[type eq "work"].locality | String |
|
addresses[type eq "work"].region | String |
|
phoneNumbers[type eq "mobile"].value | String |
|
externalId | String |
|
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | String |
|
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber | string |
|
Important Notes: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber is PIN field on Teamgo.
4. Setup Groups Mapping
Follow the steps below to for Groups mapping. You may skip this step if not required.
Make sure Enabled is Yes.
Step 4.1 To perform Attribute Mapping for Groups, click on Provision Microsoft Entra ID Groups
Step 4.2 Change Enabled to Yes, Save and return to previous screen.
Step 4.3 Go to the Users and groups section and assign the necessary users and groups to the application.
5. Provision your app
Use Provision on demand to test your deployment. Once successful, click Start provisioning
6. Monitor your deployment
Once you configure provisioning, use the following resources to monitor your deployment:
Use the provisioning logs to determine which users are provisioned successfully or unsuccessfully
Check the progress bar to see the status of the provisioning cycle and how close it's to completion
If the provisioning configuration seems to be in an unhealthy state, the application goes into quarantine. Learn more about quarantine states the application provisioning quarantine status article.