Features

The following Entra ID provisioning features are supported by Elements:

  • Create Users – Users in Entra ID who are assigned to the SCIM application are created or updated as externally managed people in Elements.

  • Update User Attributes – Changes to user attributes (first name, last name, email) are automatically synchronized to Elements.

  • Deactivate Users – Users deactivated or deleted in Entra ID are automatically marked inactive in Elements, which revokes both physical (credential) and logical (login) access. Deleting people (as opposed to marking them inactive) is supported by Elements, but not by Entra ID.

  • Group Push – Groups and their members in Entra ID can be pushed to Elements (as Elements people groups). Groups in Entra ID can be linked to existing Elements people groups. Entra ID will be the source of truth.

Requirements 

SCIM provisioning is an optional feature available via the Elements marketplace. Contact your integrator to subscribe.

Configuration

  1. Subscribe to SCIM provisioning from the Elements marketplace.

  2. On the Marketplace page, under SCIM Provisioning, select Manage.

  3. Select Generate Keys. API keys are generated and may be copied to the clipboard to be pasted when configuring Microsoft Entra.

  4. Sign in to your Entra ID account as an administrator (https://entra.microsoft.com/).

  5. Under Identity, navigate to Applications > Enterprise applications.

  6. Select New application and then Create your own application.

  7. Enter the application name "LenelS2 Elements" and select Integrate any other application you don't find in the gallery (non-gallery).

  8. After creating the application, under the Manage tab, select Provisioning.

  9. Select the Connect your application link and paste either the primary or secondary API key retrieved from the Elements marketplace and Tenant URL.

  10. Test the connection. Once successful, select Create.

  11. Navigate to the Provisioning tab and select Start provisioning.

SCIM provisioning has now been enabled. Assign users to the application to create or link to people in Elements.

Provisioning in Entra ID will occur at intervals of 40 minutes. To perform a manual provision, on the Provisioning tab, select Provision on demand, select the users, and select Provision.

Create Users

Users assigned in Entra ID will be synchronized with Elements based on their email address or username. If a matching email address or username is found, the user present in Elements will be updated as an externally managed user. A new user will be created in Elements as an externally managed user if no match is found.

  1. From the Entra admin center, navigate to the Applications > Enterprise applications page. Then select LenelS2 Elements.

  2. Select the Users and Groups tab. Select Add user/group.

  3. Under Users and Groups, select None Selected and choose the users.

  4. Select Assign.

  5. To confirm that the user was created or updated in Elements, sign in and navigate to the People page. Then search for the user by their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list.

Update User Attributes

  1. From the Entra admin center, navigate to Identity > Users > All users.

  2. To find the user, enter their username in the Search field. Select the user.

  3. Select Edit Properties to update the user attributes, such as First Name, Last Name, Primary Email or User Principal Name, and then select Save.

  4. To confirm that the user was updated in Elements, sign in and navigate to the People page. Then search for the user by their modified First Name, Last Name, Email, or Username. The updated user record should be displayed in the people list.

Deactivate Users

  1. From the Entra admin center, navigate to the Applications > Enterprise Applications and select the LenelS2 Elements.

  2. To find the user, enter their username in the Search field. Select the user.

  3. From the menu, select Remove Assignment.

  4. To confirm that the user was deactivated in Elements, sign in and navigate to the People page. Then, search for the user by their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list. The user status should be inactive.

Group Push

Pushed groups are managed from Entra ID. Subsequent pushes from Entra ID will override any changes to the Group name and People mapping made in Elements. However, other changes made in Elements related to group authorizations and access control will remain unaffected. This applies to both pushing a new group and linking an existing Elements group.

Group Push Prerequisites

Before pushing a group, both the group and its members must be assigned to the SCIM app by following these steps.

Create a Group

  1. From the Entra admin center, navigate to the Identity > Groups > All Groups.

  2. Select New group.

  3. Enter the Group name.
  4. For the Membership type, select Assigned.

  5. Select Create.

Once the group is created, people may be added as members.

Add/Remove People

  1. From the Entra admin center, navigate to Identity > Groups > All Groups.

  2. To find the group, enter the group name in the Search field. Select the group.

  3. Select Members.

    1. Add new people to the group.

    2. Select people from the list of members to be removed from the group.

  4. To confirm that the user was created or updated in Elements, sign in and navigate to the People page. Then search for the user by their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list.

Assign a Group

  1. From the Entra admin center, navigate to the Applications > Enterprise Applications page. Then select LenelS2 Elements.

  2. Select the Users and Groups tab. Select Add user/group.

  3. Under Users and Groups, select None Selected and then choose the users.

  4. Select Assign.

  5. To confirm that the user was created or updated in Elements, sign in and navigate to the People page. Then search for the user by their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list.

Remove Group

  1. From the Entra admin center, navigate to the Applications > Enterprise Applications page. Then select LenelS2 Elements.

  2. Select the Users and Groups tab.

  3. Select the group and then select Remove Assignment.

  4. To confirm that the user was created or updated in Elements, sign in and navigate to the People page. Then search for the user using their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list.

Troubleshooting

If you have questions or difficulties with your Elements/SCIM integration, please contact Elements Technical Support at elements_support@honeywell.com.




© Honeywell International Inc. All Rights Reserved.