Skip to main content

Other integrations

Synchronize additional user attributes (SCIM or SAML2)

It is possible to synchronize additional user attributes into Flexopus via SCIM or SAML2. These attributes then appear in the user exports and the REST API responses.

Flexopus supports up to ten additional attributes synchronized from external sources. They are called extensionAttribute1, extensionAttribute2, …, extensionAttribute10 in Flexopus.

Setting up additional attributes via SCIM

Synchronizing additional attributes using SCIM requires no further actions in Flexopus other than having a working SCIM setup.

On the SCIM server side, you have to add additional attribute mappings to the SCIM connection. The following four screenshots with six steps guide you through creating a mapping like this in Microsoft Entra (formerly Azure). The example uses extensionAttribute2 for demonstration purposes, but you can use any of the ten supported attributes. The example shows the steps for Microsoft Entra, but creating a mapping should be similar in most SCIM server implementations.

Steps 1. and 2.
Steps 3. and 4.
Step 5.
Step 6.

Setting up additional attributes via SAML2

To synchronize additional attributes using SAML2, you first have to enable the synchronization of them in Flexopus for the given authentication method. Go to Dashboard > Settings > Authentication and click edit on the selected SAML2 authentication method. After this, go to the section called Synchronize additional fields and select extensionAttributes from the drop-down selector. (See the screenshot below.) Do not forget to save the settings on the bottom of the page.

Activate extension attribute synchronization for your authentication method

On the SAML2 provider side, you have to add additional claims for the attributes you would like to synchronize. The name of the claim should match the attribute's name in Flexopus, for example extensionAttribute1.

In Microsoft Entra, go to the edit page of your SAML2 Single Sign-on for Flexopus. Go to the Attributes & Claims section and click on the Edit button. (See screenshot Step 1. below.) Add a new claim and set it up. For this, there is an example in screenshot Step 2. which synchronizes the user.emplyeeid attribute to extensionAttribute1 in Flexopus. Use any of the ten names supported by Flexopus and select the source attribute you would like to synchronize.

Step 1. - Attributes & Claims in Entra
Step 2. - Example attribute configuration in Entra

After saving this, the new attributes should synchronize to Flexopus for users that log in, when they log in. Remember, SAML2 synchronizes only at the moment when the user logs in.