Azure AD SCIM Integration

This document shows step-by-step how to synchronize users' information from the Azure AD identity provider to the platform.

Please make sure to set up the mandatory settings from the ‘’ page in this document before proceeding to the following step.

Azure Active Directory Configuration

Please log in to as an Admin and select Azure Active Directory under the Azure Services section.
Click on Enterprise applications on the left-hand side of the screen.
Click +New application to create an application for SCIM integration.
Click on the +Create your own application to create an application.
1. Enter a name for the application.
2. Select ‘Integrate any other application you don't find in the gallery (Non-gallery)’ option.
3. Click the Save button to create the application.
Click on the application to enter the application settings.
1. Select the ‘Provisioning’ menu from the left side.
2. Click the ‘Get Started’ button and then choose ‘Automatic’ mode.
3. Tenant URL: https://scim-api.keepnetlabs.com/scim
4. Secret Token: Enter the token which was created on the platform.
5. Provisioning Status: If this option is "Off", please switch it to "On" status.
6. Click the ‘Test Connection’ button to test your configuration. If it’s successful, click the Save button to save settings.
Before starting the synchronization, set the synchronization type in the application.
1. Click the ‘Edit Provisioning’ button and then under Settings, you can see the ‘Scope’ setting.
2. You can select an option to synchronize users to the platform.
  1. If you select, ‘Sync all users and groups’, all users or groups that are available in the Azure AD will be synchronized to the platform. This option might be dangerous for your platform license count.
  2. If you select, ‘Sync only assigned users and groups’, only specific assigned users or groups to the application will be synchronized to the platform.

Synchronization Users or Groups

Depending on your ‘Scope’ selection, you can assign your users or groups to the application by clicking the Users and Groups menu under the Manage column on the left and then click the ‘Start Provision’ button to start synchronization.
You can see target users on the platform approximately in a few minutes. The Azure AD rechecks the application for new users, changes or deleted users every 40 minutes.

Troubleshooting

If a user can not be synchronized to the platform, please check the following settings.

The user may need to assign to the SCIM application from the Users and Groups menu in order to sync it to the platform depending on your ‘Scope’ selection.
The ‘mail’ attribute is mandatory, if this attribute doesn’t exist in the application, please create one under Prevision > Edit Prevision > Users page.
Go to Provisioning, click on Provision Azure Directory Users under Mappings field and make sure that Source Object Scope is "All Records" selected.

Tutorial Video

This video tutorial shows the documentation steps for synchronizing users' information from the Azure AD identity provider to the platform.

PreviousGetting Started with SCIM NextOkta SCIM Integration

Last updated 3 months ago

Azure Active Directory Configuration

Please log in to as an Admin and select Azure Active Directory under the Azure Services section.

Click on Enterprise applications on the left-hand side of the screen.

Click +New application to create an application for SCIM integration.

Click on the +Create your own application to create an application.

Enter a name for the application.
Select ‘Integrate any other application you don't find in the gallery (Non-gallery)’ option.
Click the Save button to create the application.

Click on the application to enter the application settings.

Select the ‘Provisioning’ menu from the left side.
Click the ‘Get Started’ button and then choose ‘Automatic’ mode.
Tenant URL: https://scim-api.keepnetlabs.com/scim
Secret Token: Enter the token which was created on the platform.
Provisioning Status: If this option is "Off", please switch it to "On" status.
Click the ‘Test Connection’ button to test your configuration. If it’s successful, click the Save button to save settings.

Before starting the synchronization, set the synchronization type in the application.

Click the ‘Edit Provisioning’ button and then under Settings, you can see the ‘Scope’ setting.
You can select an option to synchronize users to the platform.
1. If you select, ‘Sync all users and groups’, all users or groups that are available in the Azure AD will be synchronized to the platform. This option might be dangerous for your platform license count.
2. If you select, ‘Sync only assigned users and groups’, only specific assigned users or groups to the application will be synchronized to the platform.

Synchronization Users or Groups

Depending on your ‘Scope’ selection, you can assign your users or groups to the application by clicking the Users and Groups menu under the Manage column on the left and then click the ‘Start Provision’ button to start synchronization.

You can see target users on the platform approximately in a few minutes. The Azure AD rechecks the application for new users, changes or deleted users every 40 minutes.

Troubleshooting

If a user can not be synchronized to the platform, please check the following settings.

The user may need to assign to the SCIM application from the Users and Groups menu in order to sync it to the platform depending on your ‘Scope’ selection.

The ‘mail’ attribute is mandatory, if this attribute doesn’t exist in the application, please create one under Prevision > Edit Prevision > Users page.

Go to Provisioning, click on Provision Azure Directory Users under Mappings field and make sure that Source Object Scope is "All Records" selected.