This guide is outdated. Please visit https://help.spreadly.app/en/article/user-provisioning-with-entra-id-10hld2i/ for the latest version.
Creating a SCIM Provisioning application in Microsoft Entra-ID is a straightforward process that significantly enhances the management of user identities in cloud-based applications. In this article, we'll guide you through the steps to set up a SCIM Provisioning application for Spreadly.
First, navigate to the "Applications" section in Entra-ID, and select "Enterprise applications". Here, click on "+ New application" and then choose "+ Create your own application". Name your application "Spreadly" and select the "Non-gallery" option. This step initiates the process of integrating your custom application with Microsoft's identity management solution.
Access the "Team > Members" section in Spreadly to find your SCIM Secret Token. This token is essential for secure communication between Spreadly and Microsoft Entra-ID. Copy this token as you'll need it in the next steps.
Now, open the newly created enterprise application in Entra-ID and go to "Provisioning > Manage: Provisioning". Set the Provision Mode to "Automatic". Input the Tenant URL as https://spreadly.app/api/v1/scim and enter the Secret Token you previously copied from Spreadly. To ensure the setup is correct, click on "Test connection", then save your settings.
In this step, you'll configure how user attributes in Microsoft Entra-ID correspond to those in Spreadly.
Azure Active Directory Attribute | customappsso Attribute | Matching precedence |
---|---|---|
objectId | externalId | 1 |
userPrincipalName / email | userName | 2 |
givenName | name.givenName | |
surname | name.familyName | |
telephoneNumber | phoneNumbers[type eq "work"].value | |
mobile | phoneNumbers[type eq "mobile"].value | |
jobTitle | title | |
department | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[department] | |
employeeOrgData.division | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[division] | |
companyName | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[organization] | |
streetAddress | addresses[type eq "work"][streetAddress] | |
city | addresses[type eq "work"][city] | |
postalCode | addresses[type eq "work"][postalCode] | |
state | addresses[type eq "work"][region] | |
country | addresses[type eq "work"][country] | |
For a comprehensive list of user attributes, visit https://spreadly.app/en/blog/provisioning-with-scim-20#user-attributes. It's important to note that provisioning of Groups is not yet supported and should be disabled.
To verify that your mappings are correct, use the "Provision on demand" feature. Select a user to test the mapping. This step is crucial to ensure that the data flows correctly between Microsoft Entra-ID and Spreadly.
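To make the table easier to check during a "Provision on demand" test, the following added example (not Spreadly's or Microsoft's code) applies the mappings above to a constructed Entra user and builds the SCIM 2.0 User resource they describe. The sample user, the function names and the choice to skip empty source attributes are assumptions of this sketch; target expressions are copied from the table as written.

```python
import re

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# (Entra source, customappsso target) pairs copied from the mapping table;
# "userPrincipalName / email" is represented by userPrincipalName only.
MAPPINGS = [
    ("objectId", "externalId"), ("userPrincipalName", "userName"),
    ("givenName", "name.givenName"), ("surname", "name.familyName"),
    ("telephoneNumber", 'phoneNumbers[type eq "work"].value'),
    ("mobile", 'phoneNumbers[type eq "mobile"].value'), ("jobTitle", "title"),
    ("department", ENT + "[department]"), ("companyName", ENT + "[organization]"),
    ("employeeOrgData.division", ENT + "[division]"),
] + [(s, f'addresses[type eq "work"][{t}]') for s, t in [
    ("streetAddress", "streetAddress"), ("city", "city"),
    ("postalCode", "postalCode"), ("state", "region"), ("country", "country")]]
TARGET = re.compile(r'^(\w+)(?:\[type eq "(\w+)"\])?(?:\.(\w+)|\[(\w+)\])?$')

def set_target(user, target, value):
    if target.startswith(ENT):  # enterprise extension lives under its URN key
        user.setdefault(ENT, {})[target[len(ENT):].strip("[]")] = value
        return
    attr, typ, dot, br = TARGET.match(target).groups()
    sub = dot or br
    if typ:  # multi-valued attribute: one list entry per "type" value
        item = next((i for i in user.setdefault(attr, []) if i["type"] == typ), None)
        if item is None:
            user[attr].append(item := {"type": typ})
        item[sub] = value
    elif sub:  # complex attribute such as name.givenName
        user.setdefault(attr, {})[sub] = value
    else:
        user[attr] = value

def to_scim(entra_user):
    user = {}
    for source, target in MAPPINGS:
        value = entra_user
        for key in source.split("."):  # employeeOrgData.division is nested
            value = value.get(key) if isinstance(value, dict) else None
        if value not in (None, ""):  # this sketch skips empty source values
            set_target(user, target, value)
    user["schemas"] = [CORE] + ([ENT] if ENT in user else [])
    return user

# Constructed sample user, not real directory data.
SAMPLE = {"objectId": "00000000-0000-0000-0000-000000000001",
          "userPrincipalName": "jane@example.com", "givenName": "Jane",
          "surname": "Doe", "mobile": "", "telephoneNumber": "+1 555 0100",
          "employeeOrgData": {"division": "EMEA"}, "city": "Berlin"}
```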
Next, manage who will be provisioned by visiting "Manage: Users and groups" in your enterprise application. Here, select the users and groups you expect to be provisioned. This step determines which identities from Microsoft Entra-ID will be managed in Spreadly.
Finally, set up the Single Sign-On (SSO) feature for a seamless user experience. Under "Manage: Single sign-on," copy the Sign on URL from Spreadly's "Team > Settings." Additionally, upload the Spreadly application logo (download here). For a cleaner user interface, make the default Spreadly App (Application ID: f6f257df-7ac4-4e92-886c-4768649ca097) invisible to users.
By following these steps, you'll have successfully integrated Spreadly with Microsoft Entra-ID using SCIM provisioning. This integration will streamline the management of user identities and access, enhancing both security and efficiency. If you have any questions, don't hesitate to contact our support.