Skip to main content

Entra ID (Azure) SCIM Connection Overview

  • Updated

Setting up Microsoft Entra ID (Azure) SCIM provisioning with Spekit? This guide provides a general overview of how to create a SCIM application in Entra ID, configure admin credentials, set up attribute mapping, and sync users into Spekit.

⚠️ Important: This guide provides a general overview of the SSO connection process and should not be used as a step-by-step configuration guide. To set up SSO with Spekit, go to the Connect page within your Spekit Web App and proceed through the in-app setup walkthrough.

 

📌 Quick-Jump Topics

 

Step 1: Create an Entra ID SCIM Application

How do I create a new SCIM application in Microsoft Entra ID?

  1. From your Enterprise Application dashboard, click New Application.

Select New Application in Azure

  1. Click Create your own application.

Select Create your own application in Azure

  1. Give your application a descriptive name such as Spekit SCIM.
  2. Select Integrate any other application you don't find in the gallery (Non-gallery).
  3. Click Create.

Configure new application name in Azure

 

Step 2: Configure SCIM Admin Credentials

How do I connect the SCIM application to Spekit?

  1. In the left sidebar under the Manage section, click Provisioning.

Select Provisioning from the Manage section in Azure

  1. Click Get Started.

Select Get Started in the Provisioning menu in Azure

  1. Set the Provisioning Mode to Automatic from the dropdown menu.
  2. Copy the Tenant URL from your Spekit in-app walkthrough and paste it into the corresponding field.
  3. Copy the Secret Token from your Spekit in-app walkthrough and paste it into the corresponding field.
  4. Click Test Connection to verify the Tenant URL and Token are correct.
  5. Once confirmed, click Save.

Configure provisioning mode and credentials in Azure

 

Step 3: Set Up and Enable Attribute Mapping

How do I ensure user and group fields are mapped correctly?

  1. Expand the Mappings section on the Provisioning page.

Expand Mappings in Azure

  1. Confirm that both the group and user attribute mappings are enabled and mapping the correct fields.

Ensure user attribute mappings are enabled in Azure

  1. Open the user attribute mapping section and confirm that objectId is mapped to externalId.
⚠️ Important: The objectId → externalId mapping is not configured correctly by default in Azure. You must manually update this mapping or users will not sync correctly into Spekit.

Ensure objectId is mapped to externalId in Azure

 

Step 4: Assign Users to the Spekit SCIM App

How do I assign users and groups to the Spekit SCIM application?

Users and groups must be assigned to the Spekit SCIM application before they can be synced into Spekit.

  1. In the left sidebar under the Manage section, click Users and groups.

Navigate to Users and Groups in Azure

  1. Click Add user/group from the top menu.

Select Add user/group in Azure

  1. Click None selected under Users and Groups.
  2. Search for and select the users and groups you want to sync into Spekit.
  3. Click Select to confirm your selections, then click Assign.

Select users for SCIM application in Azure

  1. Navigate back to the Provisioning page and confirm the following settings are correctly configured:
    • Provisioning Status is set to On
    • Scope is set to Sync only assigned users and groups

Confirm Provisioning Status is On and Scope is set correctly in Azure

 

Related articles