Skip to main content
Eptura Knowledge Center

Configure SCIM provisioning for Microsoft Entra ID

  1. Last updated
  2. Save as PDF

Level: Eptura Implementation team / Client IT team

Eptura supports the integration with Microsoft Entra ID and this article details how to configure Microsoft Entra ID provisioning integration. This article is written for Administrators and assumes familiarity with Microsoft Entra ID, basic identity management concepts, and the SCIM standard.

When the SCIM integration between Microsoft Entra ID and Eptura is ready, the following user actions in Entra ID are also applied to Eptura users.

  • Create users - Eptura requires a unique username for each user.
  • Delete users - Users deleted from Entra ID are marked as inactive in Eptura.
  • Update user attributes - Updates to Entra ID user profiles are pushed to Eptura.
  • Add a group - Entra ID creates a corresponding group in Eptura.  
  • Remove a group - Groups deleted from Entra ID are marked as inactive in Eptura.
  • Update Groups attributes - Group attribute ‘displayName’ can be updated.
  • Add/remove users to/from a group    

Contents

  • Prerequisites
  • Step 1. Create the SCIM Application (Client)
  • Step 2. Provisioning User Accounts (Client)
  • Step 3. Mappings (Client)
  • Step 4. Provisioning - Sync all users and groups (Client)

Prerequisites

We provide the main steps and we recommend you refer to the SCIM 2.0 protocol specification http://www.simplecloud.info/#Specification for more detailed information. Our SCIM integration supports SCIM version 2.0 and is certified for Microsoft Entra ID.

Before you begin, you must have the following:

  • Microsoft Entra ID
  • Eptura SCIM API URL (Provided by Eptura)
  • Long-lived SCIM token generated from SCIM Token Provider (up to 10 years) (Provided by Eptura)

Step 1. Create the SCIM Application (Client)

Complete the following:

  1. Sign in to Microsoft Azure https://azure.microsoft.com/en-us/
  2. From the menu, select Microsoft Entra ID.
  3. From the menu, select Manage > Enterprise applications.

 

clipboard_ef6b173b0b6acc6f985be835af563cf40.png

  1. Click the +Create your own application.

clipboard_e4ec1f827d27a94ccdb32f25ae6c97801.png

  1. In the name field, enter the name of your SCIM application. For example SCIM.
  2. Use the default selected "Integrate any other application you don’t find in the gallery (Non-gallery)" option.
  3. Click the Create button and the application is created.

Step 2. Provisioning User Accounts (Client)

After the SCIM application is created, then you can provision the user accounts.

  1. From the menu select Manage > Provisioning.

clipboard_e04972a497d17504bf60f211556a5e769.png

  1. From the Provisioning Module drop-down, select Automatic.
  2. Click the Admin Credentials expand to see the settings.

clipboard_ece49ee99d3889d488466196228ed81c8.png

  1. In the Tenant URL field, enter the production SCIM URL.
  2. In the Secret Token, enter the Eptura's Long Lived Token (this is provided by Eptura).
  3. Click the Test Connection button.
  4. After you see the Testing Connection to SCIM success message, then click the Save button.

Step 3. Mappings (Client)

Next, you will complete the attribute mappings for the user.

  1. Click the Mappings expand to see the settings.

clipboard_e0c75e8528f8b1a10fd969edf8c6731d4.png

  1. Click Provision Microsoft Entra ID Users and the Attribute Mapping screen displays.

clipboard_e8f5731efa9b33821cc523b03f9754f05.png

  1. You only need the mandatory attributes, so delete the extra mappings.

The mandatory attributes are:

  • userName
  • active
  • emails[type eq "work"].value
  • name.givenName
  • name.familyName
  • externaId

clipboard_e1c2c85352f06c2fb1eabaa19c6f1ccce.png

  1. For the externaId, click the Edit button and the Edit Attrribute screen displays.

clipboard_e62c26d86bd700a1914400eec3b30a669.png

  1. For the Source attribute drop-down, select objectId.
  2. Click the OK button and you are returned to the Attribute Mapping screen.
  3. Click the Save button and message displays "Saving your changes will result in all assigned users and groups being resynchronized. This may take a long time depending on the size of your directory."
  4. Click the Yes button.

Step 4. Provisioning - Sync all users and groups (Client)

  1. From the SCIM application, click the Overview menu item.

If you don't see the Overview menu, then from the menu, select Manage > Provisioning.

clipboard_e85101924d4026b607621f7e287993f44.png

  1. Under the Manage provisioning heading, click the Update credentials and the Provisioning screen displays.
  2. Click the Settings expand to see the settings.

clipboard_e98db12c2f411f27f1cd2d2eb4a794a14.png

  1. From the Scope drop-down, select Sync all users and groups.
  2. Click the Provisioning Status toggle, to ON.
  3. Click the Save button.

SCIM application provisioning has been completed.

The Manage > Provisioning screen will show the progress bar and you will find the provisioning logs here too. See Check the status of user provisioning | Miscrosoft.