Skip to content

Microsoft Entra

This guide walks you through setting up Directory Sync with Microsoft Entra (Azure Active Directory) using SCIM provisioning.

Creating an App Registration

Step 1: Log in to the Microsoft Azure Portal, and select "Microsoft Entra ID" from the main menu.

step-1-login

Step 2: Click on "Enterprise Applications" from the left navigation menu.

step-2-enterprise-applications

Step 3: If your application is already created, choose it from the list and move to the section Configuring SCIM Endpoints. If you haven't created your application yet, click on the New Application button.

step-3-new-application

Step 4: Click on the "Create your own application" button to create your application.

step-4-create-application

Step 5: Give your application a name (e.g., "Qualytics OAuth Client" or "Qualytics SCIM Client").

step-5-application-name

Step 6: After entering the name for your application, click the Create button to finalize the creation of your app.

step-6-create-button

Configuring SCIM Endpoints

Step 1: Click on Provisioning from the left-hand menu.

step-7-provisioning

Step 2: A new window will appear, click on the Get Started button.

step-8-get-started

Step 3: In the Provisioning Mode dropdown, select "Automatic" and enter the following details in the Admin Credentials section:

  1. Provisioning Mode: Select Automatic.

  2. Tenant URL: https://your-domain.qualytics.io/api/scim/v2

  3. Secret Token: Generate this token from the Qualytics UI when logged in as an admin user. For more information on how to generate tokens in Qualytics, refer to the documentation on Tokens.

step-9-admin-credentials

Step 4: Click on the Test Connection button to test the connection to see if the credentials are correct.

step-10-test-connection

Step 5: Expand the Mappings section and enable your app to enable group and user attribute mappings. The default mapping should work.

step-11-mapping

Step 6: Expand the Settings section and make the following changes:

  1. Select Sync only assigned users and groups from the Scope dropdown.
  2. Confirm the Provisioning Status is set to On.

step-12-provisioning-status

Step 7: Click on the Save to save the credentials. Now you've successfully configured the Microsoft Entra ID SCIM API integration.

step-13-save

Assigning Users and Groups for Provisioning

Step 1: Click on the Users and groups from the left navigation menu and then click Add user/group.

step-14-add-user-group

Step 2: Click on the None Selected under the Users and Groups.

step-15-none-selected

Step 3: From the right side of the screen, select the users and groups you want to assign to the app.

step-16-select-user-group

Step 4: Once you selected the group and users for your app, click the "Select" button.

step-17-select-button

Step 5: Click on the Assign button to assign the users and groups to the application.

Warning

When you assign a group to an application, only users directly in the group will have access. The assignment does not cascade to nested groups.

step-18-assign