Setting up SCIM on Microsoft Entra ID

These instructions are for reference only. Company-specific security policies and best practices should be considered when implementing a SCIM integration. These instructions cover the configuration of SCIM on the IdP's side and contain IdP-specific details. 

This article details how to set up SCIM in Microsoft Entra ID for user provisioning to Haiilo. In this article, we assume you are using the same application for SCIM as you use for SSO. You can view instructions for setting up SSO in Entra ID in Setting up SSO on Microsoft Entra ID.

The general instructions and important information for setting up SCIM on Haiilo can be found in the Managing users with SCIM provisioning article. Please review the article before completing the setup.

Set up SCIM on Entra ID

You need admin rights in your Microsoft Entra ID account to set up SCIM.

Establish the connection

  1. Log in to the Microsoft Azure Platform.
  2. Go to Microsoft Entra ID > Enterprise applications
  3. Find and select the application you created when setting up SSO for Haiilo
  4. Select Provisioning > Get started
  5. In Provisioning Mode, select Automatic
  6. Under Admin credentials, enter the Tenant URL and Secret Token. You can find information on obtaining these in Managing users with SCIM provisioning.
  7. Select Test connection
  8. If the connection is successful, select Save

Provisioning connection for SCIM.png

Edit mappings

  1. Configure Users provisioning
    1. Select Mappings > Provision Microsoft Entra ID Users
    2. Define Target Object Actions. We recommend using all actions, Create, Update, and Delete.
    3. Decide which profile fields you want to map for users. You can see a list of supported attributes in Managing users with SCIM provisioning.
    4. Remove all unsupported attributes or attributes you don't want to map. If you don't remove them, they can cause undesirable side effects in the platform.
    5. Select Save
    6. Exit the Users provisioning section
  2. Turn off Groups mapping
    1. Select Mappings > Provision Microsoft Entra ID Groups
    2. Select Disable and Save. Haiilo doesn't support mapping for Groups via SCIM.

Below is an example of how the attribute mappings can look like:

Examples of attribute mappings for SCIM in Entra ID.png

Enable provisioning

  1. In Provisioning Status, select On
  2. Select Save

The initial cycle will run shortly after that and any assigned users will be created on the platform.

Example of a mapped user via SCIM.png

Was this article helpful?