Skip to main content

SCIM with Azure

Set up automatic user provisioning from Azure Entra ID to Enterpret

Team Enterpret avatar
Written by Team Enterpret
Updated over 2 months ago

Enterpret SCIM Integration with Azure Entra ID

Set up automatic user provisioning from Azure Entra ID to Enterpret

Documentation Links:

Review Enterpret's documentation link above for credential requirements, SCIM endpoint details, and group naming/role conventions before proceeding.


Prerequisites

  • SCIM OAuth Bearer Token: Obtain this from Enterpret support. Needed to connect Azure provisioning.

  • Admin rights in Azure Entra ID: Application or Cloud Application Administrator permissions are required.

  • Attribute mapping plan: Decide which Entra user attribute (mail, userPrincipalName) should map to Enterpret username.

  • Role/group mapping strategy: If you want Enterpret roles mapped to Entra groups, decide group names now (e.g., “Enterpret Admins”).


Instructions: Azure Entra ID Setup for Enterpret SCIM

1. Create the Enterprise Application

  • Go to Microsoft Entra admin center → Enterprise applications → New application.

  • Select “Create your own application,” name it (e.g., “Enterpret SCIM”), and choose non-gallery.

2. Connect Provisioning to Enterpret SCIM

  • In the newly created app, navigate to Provisioning.

  • Set Provisioning Mode to “Automatic.”

  • Enter Tenant URL: https://api.enterpret.com/scim/scim/v2

  • Paste your Enterpret SCIM OAuth Bearer Token into Secret Token.

  • Click “Test Connection.” Save if successful.

3. Configure Attribute Mappings

  • In Provisioning > Mappings, edit “Provision Azure Active Directory Users.”

  • Map fields as appropriate:

    • userName ← mail or userPrincipalName

    • active ← accountEnabled

    • name.givenName ← givenName

    • name.familyName ← surname

    • emails[type eq “work”].value ← mail

  • Save changes.

4. Set Provisioning Scope

  • Provisioning > Settings > Scope: Select “Sync only assigned users and groups” for control.

  • Save.

5. Assign Users or Groups

  • In Users and groups for the application, add users or groups.

  • For SCIM-driven roles, ensure group names reflect Enterpret’s expected role names (“Enterpret Admins,” etc.).

6. Start Provisioning

  • Return to Provisioning and click “Start provisioning.”

  • Azure will sync users/groups as configured—users are automatically managed in Enterpret.

Did this answer your question?