Docs: Improve clarity of SCIM workflow

365cc7f6 · Tristan Williams · Evan Read · 15085d03 · 365cc7f6
Commit 365cc7f6 authored Aug 19, 2019 by Tristan Williams Committed by Evan Read Aug 19, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 8 deletions

doc/user/group/saml_sso/scim_setup.md doc/user/group/saml_sso/scim_setup.md +7 -8

No files found.
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -59,15 +59,14 @@ Once [Single sign-on](index.md) has been configured, we can:

 ### Azure

-First, double check the [Single sign-on](index.md) configuration for your group and ensure that **Name identifier value** (NameID) points to `user.objectid` or another unique identifier. This will match the `extern_uid` used on GitLab.
+The SAML application that was created during [Single sign-on](index.md) setup now needs to be set up for SCIM.

-![Name identifier value mapping](img/scim_name_identifier_mapping.png)
+1. Check the configuration for your GitLab SAML app and ensure that **Name identifier value** (NameID) points to `user.objectid` or another unique identifier. This will match the `extern_uid` used on GitLab.

-#### Set up admin credentials
+   ![Name identifier value mapping](img/scim_name_identifier_mapping.png)

-Next, configure your GitLab application in Azure by following the
-[Provisioning users and groups to applications that support SCIM](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#provisioning-users-and-groups-to-applications-that-support-scim) 
-section in Azure's SCIM setup documentation.
+1. Set up automatic provisioning and administrative credentials by following the
+   [Provisioning users and groups to applications that support SCIM](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups#provisioning-users-and-groups-to-applications-that-support-scim) section in Azure's SCIM setup documentation.

 During this configuration, note the following:

@@ -97,6 +96,7 @@ You can then test the connection by clicking on **Test Connection**. If the conn
   NOTE: **Note:** If you used a unique identifier **other than** `objectId`, be sure to map it instead to both `id` and `externalId`.

 1. Below the mapping list click on **Show advanced options > Edit attribute list for AppName**.
+
 1. Leave the `id` as the primary and only required field.

   NOTE: **Note:**
@@ -129,8 +129,7 @@ When testing the connection, you may encounter an error: **You appear to have en
 When checking the Audit Logs for the Provisioning, you can sometimes see the
 error `Namespace can't be blank, Name can't be blank, and User can't be blank.`

-This is likely caused because not all required fields (such as first name and 
-last name) are present for all users being mapped.
+This is likely caused because not all required fields (such as first name and last name) are present for all users being mapped.

 As a workaround, try an alternate mapping: