Configure SCIM provisioning using Microsoft Entra ID
      This guide describes how to set up user sync SCIM provisioning using Microsoft Entra ID.
        User sync with SCIM Provisioning with Microsoft Entra ID saves time when setting up new users and teams and helps you manage and gain access through user lifecycle management. miniOrange's SCIM provisioning can help you create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores via Microsoft Entra ID.
      Follow the steps given below to configure User Sync SCIM provisioning using Microsoft Entra ID with miniOrange.
	Connect with External Source of Users
	miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS etc), Identity Providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.
 
   Follow the step-by-step guide given below for Provisioning using Microsoft Entra ID 
      Prerequisites
      
        - User must have an Admin account on miniOrange
- They should have a user license.
1. Configure SCIM Client for Microsoft Entra ID in miniOrange
      
        - Login to  miniOrange dashboard.
- Go to Apps section
 
 
        - Go to Apps > Add Application button.
 
 
        - Select Provisioning  >> Scim Client (source).
 
 
        - Add the Custom Application Name
- Copy the Scim Base URL and Bearer Token and save it for further configuration.
 
 
        - Configure the attributes mappings and toggle on/off Enable Provisioning Features based on your requirements. 
 
 
        - SCIM base URL and Bearer Token can also be retrieved later by editing the app.
- If the provisioning feature “Delete the Deactivated users” is enabled then the unassigned/deleted users in source will be deprovisioned otherwise they will be disabled.
- Save the app.
2. Configure provisioning in Microsoft Entra ID 
        
            - Sign in to the Microsoft Entra ID portal using your Microsoft identity platform administrator account.
- Add an unlisted (non-gallery) application to your Microsoft Entra ID organization.
                    - Search for Enterprise Application.
- Select Enterprise Applications > New application. 
- Select Create your own application.
- Under What are you looking to do with your application? choose to Integrate any other application you don't find in the gallery .
 
 
            - Configure Provisioning 
                    - Open the created app
 
 
                    - Select Provisioning to open the provisioning panel for editing.
 
 
                    - Change provisioning mode from manual to automatic.
- Enter the SCIM Base URL into the Tenant URL and Bearer Token to Secret Token that we have saved earlier. Alternatively, you can also get SCIM Base URL and Bearer Token by editing the app you created during miniOrange app creation.
- Click on test connection.
- If test connection is successful save your configurations.
 
 
 
              - Provisioning Users
                    - Go to Assign users and group and assign the user you want to provision.
 
 
 
                    - If you already have some users then go or else create some users first then continue.
- Start Provisioning
                        - Go to provisioning tab.
- Click on Start provisioning.
- If you want to provision your assigned user right now go for Provision on demand.
 
 
 
                - Provision on demand
                        - Search for the user you want to provision (user must be assigned to the app).
- Click on Provision.
 
 
 
                        - Go to the User list in miniOrange portal, you will be able to find the user already provisioned.
View Provisioning Reports
  
    
      
How to access Provisioning Reports?
        
    
    
      
        
          - Navigate to the Reports in the left-hand navigation pane and select Provisioning Report.

          - Filter the reports by specifying Enduser Identifier and Application Name criteria. Additionally, choose the desired timespan for the reports. Once done, click on the Search.

          - Alternatively, you can directly click on Search to retrieve all provisioning reports based on time without applying any specific filters.
 
     
   
 
    
     External References