If you're a Click Travel customer, you have the option to manage user accounts with our SCIM User Provisioning API. By integrating with your Identity Provider (IdP), you can automate user creation, updates, and removals - saving time and reducing manual effort. Here’s how it works and how to set it up.

The following is supported by the Click Travel SCIM API:

Adding new profiles to your team.

When a profile is added, they can be added with the following data attributes:

Updating existing profiles in your team.

The following attributes can be updated:

Removing profiles from your team.

The following types of removal are supported:

Assigning roles to profiles in your team.

Roles can be assigned to profiles from existing roles on the Click Travel platform. Roles themselves can not be managed through the SCIM API.

Note: Profiles provisioned via SCIM cannot be manually edited or removed in the Click platform. All changes, including removals, must be made through SCIM.

This is a simple step that involves you contacting your Click Travel account manager or our support team and asking for a SCIM API key.

If you have SAML2 SSO setup with the Click Travel platform already then you will already have an Enterprise Application setup. If not, you will need to create a new one:

Inside the Enterprise Application, select “Provisioning”:

and then “Get started”:

On the next screen, set the “Provisioning Mode” to “Automatic”.

This will result in the “Admin Credentials” option displaying. Collapse this and complete the fields as follows:

Test the connection to show that the above setting are correct

Save the above settings. Once that has completed, a Mappings dropdown will appear on the same page. Once in there, select the "Provision Microsoft Entra ID Groups" and disable this, as we do not currently support this:

If your team has any team member custom fields which you want the custom data syncing from your IdP to the Click Platform then this needs setting up.

From the above screen, select "Provision Microsoft Entra ID Users", then click Show advanced options → Edit attribute list for {YourApp} :

Custom fields must be sent in the following format:

urn:ietf:params:scim:schemas:extension:CustomFields:2.0:User:<CUSTOM-FIELD-ID> where the <CUSTOM-FIELD-ID> is the ID of the custom field on the Click Platform. E.g. for the custom fields below, the configuration on the Click Platform is:

The corresponding configuration in Azure would be:

Add in an entry for each custom field you want to sync with the Click Platform:

Once all custom fields have been added here, click “Save” at the top of the screen.

Next, you need to map the attributes from your users in AD to the custom fields setup above.

The mappings should be added via the “Add New Mapping” link:

When adding a new field, the input fields should be completed as follows:

If you want to manage the assignment of roles to profiles on the Click Platform through SCIM you are able to do this, however you can not manage the roles themselves through your IdP.

Inside the Enterprise Application you have created, navigate to Users and groups and click on the “application registration” link to create new app-roles.

This will take you to the App roles page, where you will need to Create new app roles. Create any app role that you want to be able to assign automatically. The requirements when adding a app role are:

Once added, your App roles should look something like the following, with the roles you have created.

Back on the Users and groups page of your Enterprise Application, you can change the assigned role for a user by selecting the user with the tickbox, and clicking on “Edit assignment”, and select a role for that user.

When creating any new user, you should ensure you are selecting a role that has a matching role on the Click Platform.

If you want to assign multiple roles to a user, add the user to the Enterprise Application multiple times, once for each role

Now that we have the app roles set up and assigned, we need to update the scope of provisioning.

In your Enterprise Application select Provisioning and select Edit Provisioning.

Open the Settings section and change the Scope to Sync only assigned users and groups.

From the above screen, open the Mappings section and select Provision Microsoft Entra ID Users, then click Show advanced options → Edit attribute list for {YourApp} as with custom data.

Add an attribute with the Name roles and make sure that Multi-Value? is ticked. Make sure that you save this

Once roles has been added, click “Save” at the top of the screen.

Return to the Attribute Mapping page, you should be on this page if you’ve just saved the new attribute.

Click on Add New Mapping link and set up the following mapping:

You’re now setup and users can start being provisioned from AD to the Click Platform.

Because we selected automatic provisioning above, users who are assigned to the Click Platform enterprise app will be provisioned when the provisioning cycle next runs. It is also possible to manually provision individual users using the “Provision on demand” functionality within Azure:

An alternative way to selectively provision users that are in the enterprise application is application roles. If you want to follow this route, follow the below steps.

Navigate to Home -> Azure Active Directory -> App Registrations -> All applications -> <Your Enterprise App> -> App Roles -> Create app role.

In the “create app role” form, set the following:

Navigate to Home -> Enterprise applications -> Click Travel -> Users and groups -> Add user/group. Here you can add individually selected users, or AD groups.

When choosing a role, if there is only one App role available (created in the previous step above), this will be selected by default, otherwise choose one.

To refresh SCIM provisioning to reflect the new user/group allocations, navigate to Home -> Enterprise applications -> Click Travel -> Manage -> Provisioning and select Restart provisioning. This may take up to 40 minutes for anything to happen.

You can select the View provisioning details dropdown for information on synchronisation status and timing. This is likely to be stale data - in order to view the latest details you will also need to click the “refresh” icon above it.

If provisioning fails, check the logs in Azure:

By following these steps, you can ensure smooth, automated user management with Click Travel’s SCIM API. Need help? Our support team is here to assist!