eADM
eADM
Breadcrumbs

Aidn

Aidn is a digital platform for health and care services. With the eADM , your municipality can automatically provision users and groups in Aidn from eADM using the same SCIM mechanism that Aidn supports for Entra ID, but with eADM the source system.

When users are added, updated, or removed from the eADM scope, Aidn is updated accordingly. Groups exported from eADM be used for automated access management in Aidn when configured on the Aidn side.

Learn more about Aidn at aidn.no.

What you need before Identum can configure eADM

Step 1: Generate SCIM credentials in Aidn

Follow Aidn's administrator guide for Entra setup, but only complete the Aidn admin steps—not the Entra provisioning steps.

Guide: Setting Up Entra ID for Administrators

  1. Log in to Aidn as a system administrator.

  2. Go to Administration → AD integration (Entra ID integration).

  3. Copy the SCIM endpoint URL (tenant URL).

  4. Generate a token. Copy it right away—it is only displayed once.

Send both values to your Identum contact via a secure password-sharing service.

Step 2: Tell us about your current setup

Please confirm:

Question

Why we need it

Do you already provision users from Entra ID to Aidn?

The existing Entra SCIM must be disabled before eADM over

Do you have any existing users in Aidn?

Affects how we match users during the first export

Which Aidn access groups do you need?

Drives eADM and ruleset design

eADM social security numbers/D numbers from your HR system and sends them to Aidn as personIdentifier. You do not need to provide or maintain this separately.

Step 3: Define your Aidn access groups

Aidn recommends a clear group model for automated access. Read:

Set up automatic access management in Aidn using Entra groups

Difference from eADM: Groups are not managed in Entra ID. They are created and maintained in eADM eADM and permissions.

You should:

  1. Define which Aidn roles and work locations each group should be granted.

  2. Agree on group names (Aidn recommends AIDN - <sted> - <rolle>).

  3. Decide who creates the eADM : you, your partner, or Identum.

One group = one access package in Aidn (same role, same location, same additional permissions).

What Identum configures in eADM

Once we receive your SCIM URL and token, we:

  1. Add the Aidn sync step to your eADM cycle.

  2. Configure permissions so that the right employees are included.

  3. Create export groups (if you use group-based access).

  4. Set up user and group export templates.

  5. Run a test export and share the results with you for review.

  6. Activate the integration on the agreed date.

You do not need to create an Entra Enterprise Application for Aidn provisioning when using eADM.

What happens after go-live

Users

New users synced to Aidn appear in the "Pending" section. An Aidn administrator must assign roles before the user becomes active—unless they are covered by group-based automatic access.

Users removed from the eADM scope are deactivated in Aidn. You do not need to manually deactivate them in both systems.

Groups (if used)

Exported groups appear under Access GroupsExternal Groups in Aidn.

Your Aidn administrator must:

  1. Open each group → Set up group

  2. Select role, work location, and any additional privileges

  3. Enable Automatic Access

See the Aidn guide linked in Step 3 for details.

HelseID linking

Once access is granted, each user must log in once using Entra and complete the HelseID linking process in Aidn. This is an Aidn requirement, not part of eADM .

Optional: Create export groups yourself

If you prefer to create Aidn export groups in eADM:

Field

Guideline

Description

Human-readable name — becomes displayName in Aidn. Use the Aidn naming convention.

SourceID / Name

Enter a technical ID, e.g. AIDN-Voss Nurse

Parent (Subordinate)

Must be aidn — used in export regulations

Let your Identum contact know when the groups are ready so we can link the rulesets and export the templates.

Information to send to Identum

  • SCIM endpoint URL from Aidn
  • Token from Aidn (secure channel)
  • Confirmation of whether Entra → Aidn SCIM is currently in use
  • List of required Aidn access groups (names + intended roles/locations)
  • Preferred go-live date

Support boundaries

Identum supports data synchronization eADM Aidn (users, groups, and membership).

Identum does not provide end-user support for the Aidn application, Aidn role configuration, or HelseID linking. Please contact Aidn support for issues specific to Aidn.

FAQ

Can we use Entra SCIM and eADM the same time?
No. Only one SCIM source should provision to Aidn.

Do we manage groups in Entra?
No. With eADM, groups and membership rules are managed in eADM.

What if we only need user synchronization, not groups?
That's possible. Users can be synced without exporting groups; roles are then assigned manually in Aidn.

What user data is sent?
The standard export includes name, username (UPN), work email, and national ID number/D-number (personIdentifier) from your HR system. Phone and address fields can also be mapped if necessary.