Skip to main content
All CollectionsAppsDirectory
Provisioning Vaccination Status to Envoy using SCIM
Provisioning Vaccination Status to Envoy using SCIM
Updated over 4 months ago

Read this article for instructions on how to sync vaccination approval statuses from third-party systems into Envoy. Data syncing will work if your HCM System is connected to your IdP profiles. Envoy can use vaccination status from the IdP synced via SCIM.

We use custom SCIM extensions in Envoy to control features beyond basic Employee provisioning. You may be familiar with how we use SCIM to set an Employee’s department for use as the Neighborhood in the Desks product. That parameter has first-party support in Microsoft Entra (formerly known as Azure), and then is implemented as an extension in Envoy’s SCIM system. This document is concerned with the opposite case. The new healthDocumentApproved parameter is a custom extension defined in Envoy’s schema, and this documentation outlines how that parameter is configured and provisioned within Okta and Entra.

Provisioning Custom SCIM Attributes in Entra

What the tutorial here describes is mostly all you need to do, but with one big gotcha. You must follow this link in order to have the menu options available to add new extension parameters:

Once you have clicked that link while logged in you can then:

  • Go to EnterpriseApplications → Your SCIM Application → Provisioning

  • Click on “Edit Attribute Mappings”

  • Under the Mappings section select the mappings for Users

  • At the bottom of the page click “Show Advanced Options”

  • Click “Edit attribute list for Envoy” and this will show you a section where you can add the new healthDocumentApproved mapping as a boolean. There is no dropdown menu since Entra does not populate these fields from the schema. Instead you simply type “healthDocumentApproved” in the box.

  • After this you can return to your User mappings and you will be able to add a new mapping referencing this extension as the target attribute

And that’s it! Once your provisioning runs a sync the attribute will be applied to your Employees in Envoy.

Provisioning Custom SCIM Attributes in Okta

Official Documentation:

The Okta documentation here is a little less directed than the Entra one, but the process below is outlined on the link here:

Once you have logged into the Okta admin dashboard:

  • On the sidebar menu go to Applications section and click on “Applications”

  • On this page you should have an Envoy app with status “Active”. Click on it.

  • Within the Envoy app configuration there is a tab titled “Provisioning”, navigate here.

  • About halfway down the page you will see “Envoy Attribute Mappings”, click on the “Go to Profile Editor” button.

  • In the Profile Editor you will see a button that says “Add Attribute” click here and a modal will open.

  • Within the Add Attribute menu set:

    • Data type: boolean

    • Display name: Health Document Approved (or any preferred title)

    • Variable name: leave blank for now

    • External name: healthDocumentApproved

    • External namespace: urn:scim:schemas:extension:envoy:protect:1.0:User

    • Description: Add any text here to help other admins know what this is for

    • When done click Save

  • Now back on the Profile Editor click “Mappings”

  • On the menu titled Envoy User Profile Mappings click “Okta User to Envoy”

  • At the bottom of the attribute list on the page you should see the newly created healthDocumentApproved attribute. Configure an expression here to map your vaccination status data to the healthDocumentApproved boolean.

  • Click “Save Mappings” and you are done! Upon the next data sync the data will be set in Envoy.

Did this answer your question?