Darwinbox HRIS integration via Entra ID SCIM

End-to-end integration between Darwinbox (Affinity Group's new HRIS / HRMS) and Microsoft Entra ID via the Microsoft Entra SCIM connector, making Darwinbox the system of record for employee lifecycle events (hires, role changes, departures) that fan out through Entra into the rest of the company's identity, licensing, access, and downstream business-app footprint.

One of four formally-tracked 2026 IT goals at Affinity Group and the biggest identity / lifecycle work in flight. Once live, an HR action in Darwinbox (a new hire, a department change, a termination) provisions and deprovisions everything downstream automatically rather than triggering a chain of manual IT tickets.

Why this matters

Employee lifecycle events currently flow through HR-initiated tickets in Freshservice, which IT actions manually against Entra ID. The result is roughly 1,089 onboarding tickets and 469 offboarding tickets processed since Freshservice went live: a substantial recurring workload that exists because there is no direct system-of-record sync between HR and identity.

The Darwinbox integration changes the shape of the work:

• HR maintains the employee record in Darwinbox as the source of truth.
• The Entra SCIM connector provisions, updates, and deprovisions Entra ID user objects automatically.
• Downstream automation (license assignment via dynamic groups, Conditional Access scoping, distribution lists, Intune targeting, all driven by the Entra ID Department attribute per the naming standards) follows.
• IT exits the "manual mirror" role and moves to exception-handling only.

User attribute standardization

Entra ID User Attribute Standards & Darwinbox Integration Requirements (May 13, 2026) defines the canonical mapping between Darwinbox employee attributes and Entra ID user attributes. The load-bearing alignment work: without it, Department / Job Title / Manager / Location values arrive in Entra in inconsistent shapes that break the dynamic groups, the M&A naming standards, and the per-region license assignment.

The standards doc covers attribute-by-attribute mapping (Darwinbox attribute to Entra ID attribute, including the 15 extension attributes already in use), standardized values for Department / Division / Region, required vs optional attribute rules, and validation logic for ingestion.

SCIM connector configuration

The Microsoft Entra SCIM connector configuration covers the technical glue: Darwinbox initiates the SCIM provisioning calls against Entra, and Entra interprets those as user-object CRUD operations. The Entra_SCIM_Connector_Customer_Input_Requirements_UAT doc captures the company-side decisions:

• Which SCIM operations are enabled (create, update, deactivate, delete).
• Attribute mapping inside the connector.
• Filtering rules (which Darwinbox employee categories sync to Entra, which do not).
• Provisioning cadence and conflict-resolution rules.

IT-side onboarding and configuration checklist

Formal IT-side checklist (May 12, 2026) walks the configuration through end to end: Darwinbox primary contact info, implementation team contacts, IT-team prerequisites, attribute mappings, test plans, UAT gates, go-live criteria. The document Darwinbox's implementation team works against and the IT team uses to validate.

UAT plan and execution

Dedicated UAT/ subfolder inside the project workspace holds the User Acceptance Testing artifacts. UAT is the gate that catches the inevitable attribute-mapping edge cases, regional naming inconsistencies, and SCIM-operation surprises before the integration ships to production for the full ~1,100-employee user base.

A formal Darwinbox Entra Handoff - Affinity Group v2 package consolidates the UAT artifacts, the attribute standards, and the configuration checklist into a single handoff that the Darwinbox implementation team executes against on their side.

Downstream CRM email-notification flow

Separate but related flow design: when Darwinbox raises a lifecycle event relevant to the sales team's CRM (the company CRM), the CRM gets a structured email notification. Decouples the CRM team's onboarding / offboarding awareness from the Freshservice ticket queue and keeps the sales side informed in near-real-time.

What this demonstrates

• HRIS-to-identity integration ownership at the enterprise scale: SCIM connector design, attribute mapping, UAT, vendor handoff, downstream notification flow.
• System-of-record discipline: instead of asking IT to manually mirror HR's state, the integration makes Darwinbox the source of truth and Entra ID a derived view, which is the right architectural shape.
• Cross-team documentation: the integration touches HR, IT, the Darwinbox implementation team, and the CRM / sales team, with separate artifacts targeted at each.
• Attribute-standards work as load-bearing prep: standardizing the user attributes before turning on SCIM is the design choice that prevents the dynamic-groups blast radius from being a release blocker.
• UAT discipline: formal UAT phase with handoff documentation rather than "go straight to prod and watch what breaks."
• Recurring-workload elimination: roughly 1,500+ onboarding/offboarding tickets per year become exception-handling instead of routine ticket work once Darwinbox is live.
• Composability with existing AG architecture: the integration writes into the same attribute shape the naming standards already require, so all existing dynamic-group / license-assignment / Conditional Access / Intune work automatically picks up Darwinbox-driven changes.