1. Introduction
Provisioning is the process that allows you to automatically create, update, or suspend user accounts in an application when changes occur in the main directory (in this case, Microsoft Entra). By setting up provisioning, you can make sure that user accounts in your applications are always up to date on the Cyber Guru platform without having to do it manually.
This guide will help you set up provisioning for an application in Microsoft Entra.
2. Key Terms
- Microsoft Entra: Microsoft’s online identity service that helps manage user access and security.
- Provisioning: Automatically creating, updating, or suspending user accounts in a connected application, based on the information in Microsoft Entra.
- Application: Any online service or tool used by your organization (for example, HR software or a cloud service).
- SCIM: A protocol used to simplify user provisioning (if your application supports SCIM).
3. Before you begin
Make sure you have admin access to Microsoft Entra. If you’re not sure, contact your IT support.
You need to know exactly which application you want to provision users for. In most cases, you’ll need to create a new application.
You should have received the tenant URL and token from Cyber Guru.
All attributes required by the Cyber Guru platform must be present in Entra as user attribute values.
4. Step-by-step provisioning setup
4.1. Step 1: Log in to Microsoft Entra
Open your web browser and go to the Microsoft Entra admin page.
4.2. Step 2: Go to the application
After logging in, look for the navigation panel. Click on “Enterprise Applications” (or “Apps”).
In the list of applications, find the one you want to set up for provisioning and click on it.
If the application isn’t already in the list, you may need to add it as a new application.
At the top of the “Enterprise Applications” page, there’s usually a button labeled “New application” or “Add application.”
Click that button.
Click “Create your own application.”
4.3. Step 3: Find the Provision section
On the selected application’s page, find the “Provisioning” option in the menu. It’s usually listed along with other settings like “Single Sign-On.”
Click on “Provisioning” to access the configuration settings or click “Get Started” in the “3. Provision User Accounts” tab.
Now proceed to connect your application
4.4. Step 4: Set up the connection
Now you’ll need to enter some specific information to connect Microsoft Entra to Cyberguru. This includes:
Tenant URL: The web address provided by Cyber Guru where user data is sent.
Secret Token or Authentication Key: A unique key provided by Cyber Guru that allows Microsoft Entra to communicate securely with the platform.
Click “Test Connection.”
If the test is successful, you'll see a confirmation message.
If the test fails, check the information you entered and try again.
If the problem continues, contact IT support or the application provider.
Click “Create”
4.5. Configure Attribute Mapping
4.5.1. Disable Group Provisioning
First, we need to disable group provisioning because it is not enabled on the Cyber Guru platform.
In the menu on the left, select “Attribute Mapping”
Select “Provision Microsoft Entra ID Groups” and set the “Enable” switch to “No”
Click “Save” and you should now see:
4.5.2. Attribute Mapping
On the previous screen, now click on “Provision Microsoft Entra ID Users”. The full list of attributes will be displayed. The ones highlighted in red are the ones actually used by the Cyber Guru platform.
The next steps will be:
Remove all unnecessary attributes
Add the “locale” mapping for the language. This is the user's language on the Awareness platform and (in case of phishing) for the email template.
Edit the “country” mapping for the user's country. This is the user's country on the Awareness platform and (in case of phishing) for the email template.
Add mappings for the organizations defined in the Cyber Guru company
Review and optimize the mappings
Remove attributes using the “Delete” button:
displayName
title
preferredLanguage
name.formatted
addresses[type eq "work"].formatted
addresses[type eq "work"].streetAddress
addresses[type eq "work"].locality
addresses[type eq "work"].region
addresses[type eq "work"].postalCode
phoneNumbers[type eq "work"].value
phoneNumbers[type eq "fax"].value
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager
Let's add the "locale" attribute:
Click on “Add new mapping” and enter the source and destination attributes as shown below:
The locale attribute must be made up of two lowercase letters that indicate the language used on our platform (according to ISO 639 language codes). This means we expect the source attribute to contain this value. If it doesn't, use another attribute or consider using an expression to get the value from other attributes.
For an example of an expression, see the document “Hint&TipsSCIM”
Click “OK”
Click “Save”
Now let's look at mapping the country attribute.
Make sure the "source" attribute contains the country value as two uppercase letters. If it doesn't, use another attribute or consider using an expression to get the value from other attributes.
For an example of an expression, see the document “Hint&TipsSCIM”
Click “OK”
Click “Save”
Add organization attributes
To add these mappings, we first need to create the attribute. In this guide, we've set up a company on Cyber Guru with three organizations:
Office
Job Title
Department
This is just an example. If you have other organizations, you can add them by following the steps below.
At the bottom of the page, select “Show advanced options.”
Select “Edit attribute list for customappsso.”
At the bottom of the page, you'll see an empty field.
Fill in the empty field with the name of the organizations using
urn:ietf:params:scim:schemas:extension:Tags:2.0:User:DepartmentBe careful, the last part of the name must match exactly the organization (Department) created in your company (it is case-sensitive).
Click "Save"
Repeat these steps for the organizations:
urn:ietf:params:scim:schemas:extension:Tags:2.0:User:Jobtitle
urn:ietf:params:scim:schemas:extension:Tags:2.0:User:Office
Go to the attribute mapping screen, which will now look like this:
Click on “Add new mapping”
Enter the values in the source and destination fields for the Department organization:
In this example, we are linking the “department” attribute from the Microsoft Entra user profile. If the value you need is in another attribute of the Microsoft Entra user profile, just select it from the list of source attributes.
Pay attention to these attributes. They must have a value in Microsoft Entra. Once SCIM is enabled, you will no longer be able to manually update these values in the Cyber Guru platform.
Click “OK”
Click “Save”
Repeat the process for the other two organizations, linking Office to physicalDeliveryOfficeName and Jobtitle to jobtitle
4.5.3. Configure the other mappings and verify
The list of attribute mappings will now look like this:
Pay attention to “userName” and “externalId”
Our platform expects the same value in both fields. This value should not change in the future, so choose your source values carefully. We strongly recommend using badge numbers, ID codes, Active Directory object IDs, etc.
If your application has SSO set up, it’s best to use the Microsoft Entra user “objectId” for these attributes. Let’s assume that’s the case and update the mapping for both attributes as follows:
Click “OK” and “Save” on both
Let’s do a final check on the attributes:
Now we’re ready to test
4.6. Provisioning Test
The test will be run on individual users before enabling automatic provisioning.
Pick a user and authorize them in the Cyber Guru application.
Log in to the Cyber Guru application, click “Provisioning” in the left menu, then click “Provision on demand.” Select the authorized user as shown in the example:
And click “Provision”
If the test is successful, you’ll see the following message:
Check in the Cyber Guru platform to make sure the user was created correctly:
4.7 Choosing user sync settings
Decide which users should be provisioned in the application. There may be options for:
Sync all users
Sync only users from specific groups (for example, “HR Employees” or “Sales Team”)
Choose the option that best fits your organization’s needs.
4.8 Starting provisioning
Review the information you entered to make sure everything is correct.
Go to the app, select “Overview” from the menu on the left, and click the “Start provisioning” button.
Once started, Microsoft Entra will begin syncing user information to the Cyber Guru platform according to the rules you set, every 40 minutes.
5. What to expect
New user accounts will be created automatically.
Any changes to user information (such as job changes) in Microsoft Entra will be reflected in the app during the next sync cycle.
If a user leaves the organization, their access will be automatically suspended on the Cyber Guru platform. We suspend rather than delete because, if the customer wants to reactivate the user, all course data can be retained. Users can be permanently deleted if the customer sends us a specific request.
6. Troubleshooting and support
Double-check that the endpoint URL and secret token are entered correctly.
If the connection test fails, check the details with your IT support or refer to the documentation provided by your application vendor.
If you notice issues with user synchronization (for example, missing users or outdated information), check your group or user selection settings.
For further help, use the “Help” option in Microsoft Entra or contact your organization’s IT team and Cyberguru support.