Sync users from Azure AD into Apple School Manager
You can use Directory Sync to sync users from Microsoft Azure Active Directory (MS Azure AD) to Apple School Manager. After you have read the requirements for using SCIM and you have an Azure AD administrator with permissions to edit enterprise applications standing by, you can proceed with the following tasks.
Important: You have only four calendar days to complete the token transfer to Azure AD and successfully establish a connection, or you must begin the process again.
Prepare Azure AD to accept the token
Sign in to the Azure web portal (https://portal.azure.com), tap on the menu icon in the upper left-hand corner, then select Azure Active Directory.
If necessary, select All applications in the sidebar, then select the Apple School Manager Azure AD app (you will see the Apple School Manager icon ).
See the Microsoft Support article Add an application to your Azure AD tenant.
Note: You should use only the Apple School Manager Azure AD app when connecting with SCIM.
Select Provisioning in the sidebar, tap Get Started, then select Automatic (provisioning mode).
If you are reconnecting, you may not see Get Started. If you do not see it, tap Edit Provisioning.
Copy the SCIM token
In Apple School Manager , sign in as a user that has the role of Administrator, Site Manager or People Manager.
Tap your name at the bottom of the sidebar, tap Preferences , then tap Directory Sync .
Tap Connect next to SCIM, carefully read the warning, tap Copy, then tap Close.
Leave this window open to copy the tenant URL from Apple School Manager to Azure AD.
Important: The secret token should be shared only with the Azure AD administrator.
Paste the token and tenant URL into the Azure AD app
In Apple School Manager, copy the tenant URL:
https://federation.apple.com/feeds/school/scim
In the Apple School Manager Azure AD app, delete any content in the Tenant URL field, then paste in the tenant URL from Apple School Manager.
Tap Save, then tap Test Connection.
If the connection is successful, Apple School Manager shows the SCIM connection as active. It can take up to 60 seconds for Apple School Manager to reflect the latest connection status.
In the Settings section, enter the email address of an Apple School Manager Administrator, Site Manager or People Manager, then select the “Send an email notification when a failure occurs” tickbox so they receive any provisioning error notifications.
If necessary, tap Mappings and edit custom attributes.
Important: Do not add more attribute mappings or the SCIM process will fail. See the mappings table in SCIM requirements.
Select the type of syncing and test the connection
Note: Federated authentication must be turned on for the domain before you do this task.
Specify whether you want only users assigned to the Apple School Manager Azure AD app to sync using SCIM, or all users in Azure AD to sync using SCIM. If you are unsure which to use, see Provisioning scope.
Turn on Provisioning Status, then tap Save.
Important: If you change the provisioning scope, you must clear the current state and restart synchronisation. Contact your Azure AD administrator before you make any changes to the SCIM connection.
Check the provisioning logs to make sure the connection was successful.
Sign out of the Azure AD web portal.