How to Setup BluSKY

Overview

Why let manual tasks slow you down when automation can propel you forward? With BluSKY's SCIM integration and open API, you can supercharge your existing systems and focus on what truly matters.

Introducing SCIM: Simple and Secure Identity Management

Security is paramount, and so is efficiency. BluSKY’s SCIM integration with Azure Active Directory provides a streamlined, automated approach to user management.

• Seamless Synchronization: No more manual data entry. BluSKY’s SCIM integration automates user provisioning, ensuring that user access is always up-to-date with your identity provider.
• Real-Time Updates: SCIM works in the background, syncing adds, edits, and deletions instantly, so your security policies are enforced consistently without the risk of outdated access.
• Enhanced Security: By automating user management, you reduce human error and ensure that only the right people have access when they need it.

Why BluSKY’s API is the Key to Customization

Our open API allows you to integrate BluSKY’s features directly with your existing workflows, from access management to data reporting.

• Flexible and Customizable: With API access, you can tailor BluSKY to meet your unique needs, enhancing your current systems without the need for replacement.
• Future-Ready: As your business grows and evolves, BluSKY’s API can adapt, offering scalable solutions that keep you ahead of the curve.

The Benefits of Automation with BluSKY

• Reduce Operational Costs: Spend less time on repetitive tasks and more time focusing on core business objectives.
• Streamlined Processes: Keep all your identity management and security data in one place, with automatic updates and seamless integrations.
• Scalable and Reliable: Whether you’re a small team or a large enterprise, BluSKY's tools are designed to grow with you, ensuring consistent and dependable performance.

With BluSKY’s SCIM and open API, you have a robust solution for secure, efficient, and future-proof identity management. Let us help you transform your operations and take your business to the next level.

This document describes how to setup BluSKY's SCIM with Azure Active Directory (Azure AD).

To use BluSKY’s SCIM API with an external application, a user will need to be created in BluSKY. This user’s credentials will be used to acquire a security token that will be needed by the external application. This user will need to have a Role assigned to it that grants them permission for Personnel Administration and Occupant Administration.

SCIM Groups are Occupancies in BluSKY and SCIM Users are People in BluSKY. Since the information required to create an Occupancy in BluSKY is not available in Azure AD, BluSKY’s SCIM provisioning cannot create an Occupancy. Therefore, the Occupancies are created using the BluSKY’s web site and, in the Occupancy Edit page, the Azure AD Group’s “ObjectId” is put into the “SCIM Identifier” field. Once provisioning is enabled, Azure AD will “Create” the Group (Occupancy) in BluSKY. This will not actually create the Occupancy, but the provisioning application will receive information from BluSKY’s SCIM that it needs to communicate AD changes to BluSKY.

The person performing this task needs to have Global Administrator permission in Azure Active Directory.

Also, to provision SCIM by Group, the license for Azure AD must be Azure AD Premium P1 or higher,

Instructions

1. In the Azure Portal search for and open the Azure Active Directory.
2. Choose Enterprise Applications from the left menu.
3. Click "New application"
4. Click "Create your own application"
5. Enter a name the SCIM application like BluSKY_SCIM
6. Choose, "Integrate any other application you don't find in the gallery (Non-gallery)"
7. Click Create
8. When the application is created, choose Provisioning from the left-hand menu.
9. Set the Provisioning Mode to Automatic.
10. In the Admin Credentials section enter https://blusky.blub0x.com/scim for the Tenant Url.

• Use a tool such as PostMan or curl to Post a request to https://blusky.blub0x.com/scim/token with a json payload of:

{
  "username": "a user in the occupancy where SCIM users will initially be created.",
  "password": "the BluSKY password for this user"
}

• For example:

{
"username": "user@yourDomain.com",
"password": "S0m3th1ngS3cr3t"
}

11. If the username and password are valid, this API will return a Json Web Token (JWT) that expires in 1 year.
12. If the username and password are valid, this API will return a Json Web Token (JWT) that expires in 1 year.
13. Copy and Paste the JWT into the "Secret Token" field and click Test Connection. This should succeed.
14. Prior to this anniversary date one year henceforth, repeat this process and update the secret token in this application before it expires.
15. In the Mappings section click Groups.

• Ensure “Create” and “Update” are checked and uncheck “Delete”.
• Ensure the Active Directory Attribute, objectId is mapped to the Customappsso Attribute, externalId and the matching precedence is set to 1. If it does not exist, click the Add Mapping link.
• No other matching precedencies are needed.
• Set any other the Settings to your requirements and click Save.

16. Go back to the Mappings section and click on Users.
17. Click on the mapping for Active Directory Attribute, mail NickName and change the source attribute to objectid. Also set the matching precedence to 1.

• No other matching precedencies are needed.

18. Set any other the Settings to your requirements and click Save.
19. Go back to the Enterprise Applications page and click on the link for your new application.
20. On the left-hand menu choose Users and Groups
21. Assign the users and groups to be provisioned.
22. On the left-hand menu choose Overview
23. And click Start provisioning

Please note that Azure AD performs synchronization every 40 minutes so changes to Users and Group membership will not be applied to BluSKY immediately. Once Azure AD synchronizes the changes, the Users should be updated/created in BluSKY and they should be in their assigned Occupancy.

SCIM Configuration (System for Cross-domain Identity Management)

New SCIM Configuration Interface

• A new SCIM Configuration Interface is available under the Administration menu, allowing customers to manage identity information across multiple domains efficiently. This feature facilitates seamless integration with Active Directory and other systems.

SCIM Configuration Page

• We've introduced a dedicated page for creating new SCIM configurations, simplifying the process of integrating SCIM into your system.

Edit SCIM Configuration

• Users can now quickly update and manage existing SCIM configurations through an intuitive Edit SCIM Configuration page.

clipboard_e844c7e4bb1d59283259ffa265d558758.png

SCIM Configuration List Page

• A new View List page has been implemented, displaying all SCIM configurations in one place for easy navigation and management.

Delete SCIM Configuration

• Users can now delete SCIM configurations directly from the interface, allowing for the removal of outdated or unnecessary configurations.

SCIM Permission Service

• A SCIM Permission Service has been introduced to regulate access to SCIM-related features. Only authorized users can add, edit, or delete SCIM configurations, enhancing security.