Microsoft Entra ID Provisioning and Deprovisioning
Microsoft Entra ID SCIM Provisioning lets you create accounts in a simplified way and link Microsoft Entra ID SCIM users' accounts to their existing or new apps. It automates user provisioning based on users' identities.
Provisioning saves time when setting up new users and teams, and also manages access privileges through the user lifecycle. miniOrange can create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores.
Microsoft Entra ID SCIM User provisioning and deprovisioning actions are bi-directional, so you can create accounts inside an external application and import them into miniOrange, or alternatively create the accounts in miniOrange and then push them out to any linked external applications.
Microsoft Entra ID SCIM Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. A deprovisioning action is triggered when an employee leaves a company or changes roles within the organization. The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.
Provisioning & Deprovisioning Scenarios
miniOrange provides provisioning solutions for all user management scenarios, including AD Integration, LDAP Integration and automated provisioning for external applications such as Microsoft Entra ID SCIM, Google Workspace, Workday, etc.
Follow the step-by-step guide below to set up Microsoft Entra ID SCIM Provisioning.
1. Add SCIM Configuration for Microsoft Entra ID application in miniOrange
- Go to Apps >> Provisioning >> Create a SCIM 2.0 App for Microsoft Entra ID.
- Save the SCIM Base URL and Bearer token; they are entered under Admin Credentials in step 2.
2. Setup SCIM Provisioning for Microsoft Entra ID
- Log in to your Microsoft Entra ID portal and select the Azure Active Directory. Then create an Enterprise application.
- Click on New Application and select non-gallery application. If you already have an enterprise application and want to enable provisioning in it, skip ahead to the Provisioning step below.
- Give a suitable name to your user provisioning application.
- Click on Provisioning in the left menu and click on Get started.
- Select the Provisioning Mode as Automatic.
- Under Admin Credentials, enter the SCIM Base URL (as Tenant URL) and SCIM Bearer token (as Secret Token) as provided by miniOrange.
- Click on Test Connection. If the connection is established, it will show a success message.
- Click on the Save button.
- Then go to the Users and Groups menu and add Users that you want to provision into your application.
- Now, again open the Provisioning menu and set the Provisioning status to On.
- Select the Scope as per your requirements and click on the Save button.
3. Add Attribute Mapping
- Now, in Add Attribute Mapping, map the required Target Attributes to their corresponding miniOrange Attributes. You can select either Default User Profile Attribute or Custom User Profile Attribute.
Note: The userName, name.givenName, name.familyName, emails[type eq "work"].value, displayName and active fields are required.
- In Enable Provisioning Features, you can enable any feature below.
- Click on the Save button.
4. Test Configuration
- When the initial cycle runs from Microsoft Entra ID, you can see the user details from Microsoft Entra ID in miniOrange.
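The required fields listed in the note under step 3 can be checked against a SCIM 2.0 User payload when a user fails to appear after the initial cycle. The following is an added example, not miniOrange or Microsoft code; the function names and the sample payload are constructed for illustration, and the path resolver handles only the simple `attr eq "value"` filter form used in that note.

```python
import re

# Required SCIM paths, copied from the note in step 3 of this guide.
REQUIRED_PATHS = [
    "userName", "name.givenName", "name.familyName",
    'emails[type eq "work"].value', "displayName", "active",
]
# One path segment, optionally carrying an `attr eq "value"` filter.
_SEGMENT = re.compile(r'^(\w+)(?:\[(\w+) eq "([^"]*)"\])?$')

# Constructed sample payload (not captured traffic): a deactivated user
# whose only e-mail entry is typed "home" and who has no displayName.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "jdoe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"type": "home", "value": "jane@example.org"}],
    "active": False,
}


def resolve(resource, path):
    """Return the value at a SCIM attribute path, or None if absent."""
    node = resource
    # Split on dots that are outside a [...] filter.
    for segment in re.split(r"\.(?![^\[]*\])", path):
        match = _SEGMENT.match(segment)
        if match is None or not isinstance(node, dict):
            return None
        attr, key, wanted = match.groups()
        node = node.get(attr)
        if key is not None:
            # Multi-valued attribute: take the first entry matching the filter.
            entries = node if isinstance(node, list) else []
            node = next((e for e in entries
                         if isinstance(e, dict) and e.get(key) == wanted), None)
    return node


def missing_required(resource):
    """List the required paths that are absent or blank in a User resource."""
    missing = []
    for path in REQUIRED_PATHS:
        value = resolve(resource, path)
        # False is a valid value for `active` (a deprovisioned user).
        if value is None or (isinstance(value, str) and not value.strip()):
            missing.append(path)
    return missing
```

Calling missing_required(SAMPLE_USER) reports the work e-mail and displayName as missing, while active set to False is accepted because a deactivated account still carries the attribute.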
View Provisioning Reports
How to access Provisioning Reports?
- Navigate to the Reports in the left-hand navigation pane and select Provisioning Report.
- Filter the reports by specifying Enduser Identifier and Application Name criteria. Additionally, choose the desired timespan for the reports. Once done, click on Search.
- Alternatively, you can directly click on Search to retrieve all provisioning reports based on time without applying any specific filters.