Set Up User Provisioning with Entra-ID (Microsoft)


Read time: 3 minutes
Date: 9th of January 2024

This guide is outdated. Please visit https://help.spreadly.app/en/article/user-provisioning-with-entra-id-10hld2i/ for the latest version.


Creating a SCIM Provisioning application in Microsoft Entra-ID is a straightforward process that significantly enhances the management of user identities in cloud-based applications. In this article, we'll guide you through the steps to set up a SCIM Provisioning application for Spreadly.

Step 1: Create an Enterprise Application

First, navigate to the "Applications" section in Entra-ID, and select "Enterprise applications". Here, click on "+ New application" and then choose "+ Create your own application". Name your application "Spreadly" and select the "Non-gallery" option. This step initiates the process of integrating your custom application with Microsoft's identity management solution.

Step 2: Obtain SCIM Secret Token from Spreadly

Access the "Team > Members" section in Spreadly to find your SCIM Secret Token. Microsoft Entra-ID presents this token to Spreadly to authenticate its provisioning requests, so handle it like a password. Copy the token, as you'll need it in the next steps.

Step 3: Set Up Provisioning

Now, open the newly created enterprise application in Entra-ID and go to "Provisioning > Manage: Provisioning". Set the Provisioning Mode to "Automatic". Input the Tenant URL as https://spreadly.app/api/v1/scim and enter the Secret Token you previously copied from Spreadly. To ensure the setup is correct, click on "Test connection", then save your settings.

Step 4: Edit Attribute Mappings

In this step, you'll configure how user attributes in Microsoft Entra-ID correspond to those in Spreadly.

| Azure Active Directory Attribute | customappsso Attribute | Matching precedence |
| --- | --- | --- |
| objectId | externalId | 1 |
| userPrincipalName / email | userName | 2 |
| givenName | name.givenName | |
| surname | name.familyName | |
| telephoneNumber | phoneNumbers[type eq "work"].value | |
| mobile | phoneNumbers[type eq "mobile"].value | |
| jobTitle | title | |
| department | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[department] | |
| employeeOrgData.division | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[division] | |
| companyName | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[organization] | |
| streetAddress | addresses[type eq "work"][streetAddress] | |
| city | addresses[type eq "work"][city] | |
| postalCode | addresses[type eq "work"][postalCode] | |
| state | addresses[type eq "work"][region] | |
| country | addresses[type eq "work"][country] | |

For a comprehensive list of user attributes, visit https://spreadly.app/en/blog/provisioning-with-scim-20#user-attributes. It's important to note that provisioning of Groups is not yet supported and should be disabled.

Step 5: Test the Mapping

To verify that your mappings are correct, use the "Provision on demand" feature. Select a user to test the mapping. This step is crucial to ensure that the data flows correctly between Microsoft Entra-ID and Spreadly.
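As an added example (not Spreadly's or Microsoft's code), the Python below applies the Step 4 mapping table to a constructed directory user and builds the SCIM User resource those mappings describe. It gives you something to compare a "Provision on demand" result against and shows which directory fields leave the tenant. The sample user, the function names and the exact JSON layout are assumptions; the request Entra-ID actually sends may differ in detail.

```python
import re

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
WORK = 'addresses[type eq "work"]'
# Source attribute -> target path, copied from the mapping table on this page.
MAPPING = {
    "objectId": "externalId", "userPrincipalName": "userName",
    "givenName": "name.givenName", "surname": "name.familyName",
    "telephoneNumber": 'phoneNumbers[type eq "work"].value',
    "mobile": 'phoneNumbers[type eq "mobile"].value', "jobTitle": "title",
    "department": ENT + "[department]", "companyName": ENT + "[organization]",
    "employeeOrgData.division": ENT + "[division]", "country": WORK + "[country]",
    "streetAddress": WORK + "[streetAddress]", "city": WORK + "[city]",
    "postalCode": WORK + "[postalCode]", "state": WORK + "[region]",
}
FILTERED = re.compile(r'^(\w+)\[type eq "(\w+)"\](?:\.(\w+)|\[(\w+)\])$')
EXTENSION = re.compile(r"^(urn:[\w:.]+)\[(\w+)\]$")
# Constructed sample directory user (not real data).
SAMPLE = {"objectId": "00000000-0000-0000-0000-000000000001",
          "userPrincipalName": "ada@example.com", "givenName": "Ada",
          "surname": "Example", "mobile": "+1 555 0100", "city": "Berlin",
          "employeeOrgData": {"division": "R&D"}}

def lookup(user, dotted):
    """Resolve a dotted source attribute such as employeeOrgData.division."""
    for key in dotted.split("."):
        user = user.get(key) if isinstance(user, dict) else None
    return user

def build_scim_user(entra_user):
    """Return the SCIM User the mappings describe; unset attributes are skipped."""
    doc = {"schemas": [CORE]}
    for source, target in MAPPING.items():
        value = lookup(entra_user, source)
        if value in (None, ""):
            continue
        if m := FILTERED.match(target):      # multi-valued, selected by type
            items = doc.setdefault(m[1], [])
            item = next((i for i in items if i["type"] == m[2]), None)
            if item is None:
                items.append(item := {"type": m[2]})
            item[m[3] or m[4]] = value
        elif m := EXTENSION.match(target):   # enterprise extension attribute
            doc.setdefault(m[1], {})[m[2]] = value
        else:                                # plain or complex (name.givenName)
            *parent, leaf = target.split(".")
            (doc.setdefault(parent[0], {}) if parent else doc)[leaf] = value
    doc["schemas"] += [k for k in doc if k.startswith("urn:")]  # list extensions used
    return doc
```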

Step 6: Select Users/Groups for Provisioning

Next, manage who will be provisioned by visiting "Manage: Users and groups" in your enterprise application. Here, select the users and groups you expect to be provisioned. This step determines which identities from Microsoft Entra-ID will be managed in Spreadly.

Step 7: Configure Single Sign-On (optional)

Finally, set up the Single Sign-On (SSO) feature for a seamless user experience. Under "Manage: Single sign-on," copy the Sign on URL from Spreadly's "Team > Settings." Additionally, upload the Spreadly application logo (download here). For a cleaner user interface, make the default Spreadly App (Application ID: f6f257df-7ac4-4e92-886c-4768649ca097) invisible to users.

We are here for you!

By following these steps, you'll have successfully integrated Spreadly with Microsoft Entra-ID using SCIM provisioning. This integration will streamline the management of user identities and access, enhancing both security and efficiency. If you have any questions, don't hesitate to contact our support.
