Configuring SCIM with Microsoft Entra ID (previously Azure Active Directory)

Updated on

If you are managing users through the SCIM API you may also be interested in How to manage user roles via user groups


Before you can configure provisioning for ScreenSteps using Microsoft Entra ID (previously Azure Active Directory), you will need to meet the following prerequisites:

  • Microsoft Entra ID tenant: You will need to have an Microsoft Entra ID tenant and have administrative access to it.
  • ScreenSteps account: You will need to have a ScreenSteps account with the appropriate permissions to configure SCIM, and you will need to access the admin account in the ScreenSteps portal to obtain the SCIM API token and endpoint.
  • Microsoft Entra ID application registration: You will need to register an application in your Microsoft Entra ID tenant and configure it for provisioning with ScreenSteps.
  • Microsoft Entra ID user account: You will need a Microsoft Entra ID user account that has sufficient privileges to register the application and configure provisioning.


The following provisioning features are supported:

  1. Provisioning of users and groups from Microsoft Entra ID to ScreenSteps using SCIM.
    1. The list of supported attributes are viewable at How to Use the SCIM User Provisioning API
  2. Automatic updates of user and group information in ScreenSteps when changes are made in Microsoft Entra ID.
  3. Support for both automatic and manual provisioning.
  4. Configurable mapping of attributes between Microsoft Entra ID and ScreenSteps.
  5. Support for multiple provisioning modes, including create, update, and delete.
  6. Detailed logs of provisioning events and errors.
  7. Support for custom mappings and transformations.
  8. Flexible filtering and scoping options.

Configuration Steps

1. Register the ScreenSteps App with your Microsoft Entra ID tenant

Add a New Application

Search for ScreenSteps in the App Gallery and select it.

Create the app.

2. Get your ScreenSteps API Token
Account > API Tokens

Get an API token

  1. If you don't already have an API token select Create API Token
  2. Copy the token
3. Enable Provisioning from Microsoft Entra ID to ScreenSteps

Select Provisioning.

Change Provisioning Mode to Automatic (recommended)

Enter Tenant URL and Secret Token.

The Tentant URL is the SCIM Base URL from the ScreenSteps Account Settings Screen.

Test Connection

4. Configure Provisioning Settings

Optionally enable email notifications for failures

Configure Scope

Sync only assigned users and groups is recommended


Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Still Need Help? Contact Us