Skip to main content

Other integrations

Synchronize additional user attributes (SCIM or SAML2)

It is possible to synchronize additional user attributes into Flexopus via SCIM or SAML2. These attributes then appear in the user exports and the REST API responses.

Flexopus supports up to ten additional attributes synchronized from external sources. They are called extensionAttribute1, extensionAttribute2, …, extensionAttribute10 in Flexopus.

Setting up additional attributes via SCIM

Synchronizing additional attributes using SCIM requires no further actions in Flexopus other than having a working SCIM setup.

On the SCIM server side, you have to add additional attribute mappings to the SCIM connection. The following four screenshots with six steps guide you through creating a mapping like this in Microsoft Entra (formerly Azure). The example uses extensionAttribute2 for demonstration purposes, but you can use any of the ten supported attributes. The example shows the steps for Microsoft Entra, but creating a mapping should be similar in most SCIM server implementations.

Steps 1. and 2.
Steps 3. and 4.
Step 5.
Step 6.

Setting up additional attributes via SAML2

To enable synchronization of additional attributes in Flexopus via SAML2:

  1. Navigate to Dashboard > Settings > Authentication.
  2. Edit the selected SAML2 authentication method.
  3. Locate the section Synchronize additional fields.
  4. Select extensionAttributes from the drop-down menu.
  5. Save your settings at the bottom of the page.

This will activate the synchronization of extensionAttributes for the configured SAML2 method.

Activate extension attribute synchronization for your authentication method

To synchronize additional claims for attributes in Flexopus using SAML2 with Microsoft Entra, follow these steps:

  1. Access Microsoft Entra: Open the SAML2 Single Sign-on settings for Flexopus in your Microsoft Entra portal.
  2. Navigate to Attributes & Claims: In the SAML configuration, locate the Attributes & Claims section and click on the Edit button.
  3. Add a New Claim:
    • Click Add a new claim.
    • Set the Claim name to match the attribute name in Flexopus, e.g., extensionAttribute1.
    • Configure the Source attribute as desired (e.g., user.employeeid to map to extensionAttribute1).
  4. Save the new claim to enable synchronization.

Repeat this process for any of the ten supported attribute names in Flexopus.

Step 1. - Attributes & Claims in Entra
Step 2. - Example attribute configuration in Entra

After saving this, the new attributes should synchronize to Flexopus for users that log in, when they log in. Remember, SAML2 synchronizes only at the moment of the login.