1. Splashtop Business - Support
  2. Account
  3. Single Sign-On (SSO)

Provisioning setup - Microsoft Entra ID/Azure AD (SCIM)

Avatar
Support

Splashtop supports users/groups provisioning from your identity provider Microsoft Entra ID/Azure AD via SCIM, please follow the below steps to set up.

Step 1: Configure Provisioning - Admin Credentials

  1. Go to the created SAML app, click Provisioning to set up.

    admin_en-us.png
    Note:
    How to create a SAML app:
    Global stack: https://support-splashtopbusiness.splashtop.com/hc/articles/360037945932 
    EU - OC stack: https://support-splashtopbusiness.splashtop.com/hc/articles/360045446252

     
  2. Add Admin Credentials.
    admin2_en-us.png
    Enter -
    Tenant URL
    Global stack: https://my.splashtop.com/scim/v1
    EU stack: https://my.splashtop.eu/scim/v1 
    OC stack: https://my.splashtop.nr/scim/v1

    Secret Token: How to find my Secret token 
    Then click Save.
    Note: Need an active trial or subscription with SSO to successfully test
    admin3_en-us.png

Step 2: Configure Provisioning - Set up ssoName attribute

  1. Go to Mappings, then Provision Microsoft Entra ID/Azure AD Users
    mapping1_en-us.png
    mapping2_en-us.png

    Note: Disable "Provision Azure Active Directory Groups" if a user is in multiple synced AD groups or you do not want users to be moved to the named AD group in Splashtop.
    mapping3_en-us.png
     
  2. Click on your_sso_method_name to configure.
    ssoName_en-us.png
  3. On the configuration window, insert below info:
    Constant Value: This value is the name of the SSO method you created on my.splashtop.com / my.splashtop.eu / my.splashtop.nr. Please enter the exact name of the SSO method you created, spaces included, or the provision will fail.

    Then Ok on the Edit Attribute window, then Save.
    ssoName_2_en-us.png

Note:
If you are from EU stack, you need to manually create the attribute following below steps.

a. Click on Provision Azure Active Directory Users. azuread_SCIM_2_en-us.png

b. Check Show advanced options, then click on Edit attribute list for customappsso. azuread_SCIM_3_en-us.png c. Add an attribute.
Name: urn:ietf:params:scim:schemas:extension:Splashtop:2.0:User:ssoName
Type: String
Required: Yesazuread_SCIM_4_en-us.png

d. Create the mapping:
Mapping type: Constant
Constant Value: Your SSO method name on my.splashtop.com / my.splashtop.eu / my.splashtop.nr
Target attribute: Select the attribute you just created (urn:ietf:params:scim:schemas:extension:Splashtop:2.0:User:ssoName)

azuread_SCIM_5_en-us.png

 

Add user/group to the created app

After SSO and Provisioning configured, you can click Add user to add users to the created enterprise application so the users can be automatically provisioned.

mapping8_en-us.png

Note: If you choose to provision groups, make sure a user is not in multiple groups that are being synced; otherwise, the user will repeatedly switch between groups in the Splashtop system.

Known issues / Troubleshooting

  1. The user xxx is skipped due to not assigned to the application:
    • Make sure the target user is assigned to the application created on Azure.
    • Check Source Object Scope (It is under Created application / Edit Provisioning / Mappings / Provision Azure Active Directory Users), and see if there are some filters preventing the users from being provisioned.
      azuread_SCIM_1_en-us.png
3 out of 3 found this helpful

Articles in this section

See more