All articles

Wrike and Azure Active Directory: User Provisioning

Wrike admins on Enterprise accounts can set up automatic user provisioning and deprovisioning for Wrike with Azure Active Directory (Azure AD) using SCIM protocol.

Overview

Set up Wrike with the System for Cross-domain Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in Azure Active Directory (Azure AD).

  • Automatic provisioning - Azure AD users are automatically provisioned for Wrike.
  • Synced user attributes - User attributes are automatically updated in Wrike when they’re updated in Azure AD. View synced attributes.
  • Automatic deprovisioning - Wrike users are automatically deactivated in Wrike when they’re deactivated in Azure AD.

This article is about integrating Wrike with Azure AD SCIM. Please see the separate article to learn how to set up SSO with Azure AD.

Important Information

  • Members added through SCIM are billable as soon as they're provisioned.

Set Up Wrike With Azure AD SCIM

To perform this setup, you must be an admin on a Wrike Enterprise account with permission to configure advanced security settings as well as an Azure AD admin to set up Wrike with Azure AD SCIM. We recommend setting up SSO with Azure AD before proceeding.

Step A: Add approved domains

  1. Add approved domains. (Only users from approved domains will be automatically provisioned to Wrike.)

Step B: Find and note the SCIM URL

  1. Open your Wrike workspace.
  2. Click your profile picture in the upper-right corner.
  3. Select “Apps & Integrations.”
  4. Find “Azure AD” in the list of apps and click on it.
  5. Switch to the SCIM tab.
  6. Scroll to the bottom and copy the base URL. You’ll be using it in a few steps.
  7. Close the Azure AD pop-up (but stay in Wrike) and proceed to Step C.

Step C: Obtain the OAuth token

  1. Click “API” on the left side of the Apps & Integrations page.
  2. Enter a name in the “App name” field. (We suggest “Azure AD SCIM.”)
  3. Click “Create new.”
  4. (Optional) Add an app description.
  5. Scroll to the bottom of the page and click “Create v4 Token.”
  6. Enter your password and click "Obtain token."
  7. Copy the token and save it somewhere. You’ll need to enter this information in Azure AD. Important! You’re only shown your token once, so make sure you save it.
  8. Click "Save."

Step D: Finalize the setup from Azure AD

  1. Log in to https://aad.portal.azure.com/.
  2. Click “Enterprise applications” on the left.
  3. Find and select “Wrike.”
  4. Select “Provisioning” from the menu panel on the left.
  5. Under the Provisioning Mode menu, select “Automatic.”
  6. Scroll down to the Admin Credentials section.
  7. In the field next to “Tenant URL,” paste the base URL that you copied in Step B.
  8. In the field next to “Secret Token,” paste the token you copied in Step C.
  9. Click the “Test connection” button to confirm that all your settings are correct.
  10. If the test is successful, click the “Save” button at the top of the window. If not, double-check your settings or contact Wrike Support for help.
  11. Scroll down to the Settings section.
  12. Set the provisioning status to “On.”
  13. In the Scope drop-down menu, select which events you want to synchronize between Wrike and Azure: "Sync only assigned users and groups" or "Sync all users and groups."
  14. Click “Save” at the top of the window to start the provisioning service.

Note: Make sure that all relevant users and groups are assigned for Wrike’s app.

Synced Attributes

The following attributes are synced from Azure AD to Wrike:

  • Username
  • Given name
  • Family name
  • Primary email
  • Job Title
  • Primary phone number
  • Organization name
  • Department
  • wrikeUserType*

* This is a custom attribute, specifying the type of license in Wrike. Supported values are "Regular", "External" and "Collaborator". By default, Regular users are created.

Troubleshooting

If a user is not automatically provisioned or deprovisioned, check the log in the Azure AD administration portal:

  1. On the Azure AD Dashboard, locate "Audit Logs."
  2. Click "View activity."
  3. Verify that there’s an event for a SCIM provisioning attempt.

If there is no event, make sure that users are properly Support Team and provide error details.

Top