Skip to main content

How to configure SCIM with Microsoft Entra ID

Enable Microsoft Entra ID (formerly Azure AD) SAML 2.0 for Single Sign-On in Zeeg with our easy guide on setting up SSO using Microsoft Entra-ID for enhanced user access and security.

Written by Fernando Figueiredo
Updated over 3 weeks ago

Zeeg facilitates seamless SCIM provisioning with Entra ID, enabling user creation, updates to user details like names and emails, deactivation, and deletion. These modifications are automatically reflected in Zeeg.

SSO and SCIM can be offered with an Enterprise account. Please contact us to learn more about it.

Requirements

  1. You must have an organization in Zeeg and be the owner or an admin.

  2. Ensure SAML single sign-on (SSO) setup is complete before initiating SCIM configuration.

During the configuration process, it is recommended to have Zeeg and EntraID platforms accessible concurrently in different browser windows for ease of operation.

When SCIM is enabled, you can only add/delete your Zeeg organization users through Microsoft Entra ID, and not through Zeeg anymore.

1. Enable SCIM for your organization in Zeeg

  1. From your Zeeg dashboard, go to your Workspace settings.

  2. Go to the SCIM tab.

  3. Click on Enable SCIM; Zeeg will then generate and show a SCIM Secret Token which will be used in the next steps.

2. Setup SCIM provisioning in Microsoft Entra ID

1. Open your Entra ID portal in a separate tab and browse to Enterprise Applications > All applications.
2. Find the application you created for Zeeg and click on it.

3. From the left sidebar, go to Provisioning and then select Get Started.

4. For Provisioning Mode, select Automatic.

5. Open the Admin Credentials section in Entra ID and:

  • Copy the Base URL from your Zeeg SCIM dashboard and paste it into the Tenant URL field.

  • Copy the SCIM Secret Token from your Zeeg SCIM dashboard and paste it into the Secret Token field.

  • Click on Test Connection. You should get a successful message from Entra ID.

6. Open the Mappings section in Entra:

  • Zeeg currently does not support Group provisioning; therefore, disable Provision Microsoft Entra ID Groups.

  • Click on Provision Entra ID Directory Users. Under Target Object Actions, select Create, Update and Delete.

  • Under Attribute Mappings, keep the following customappsso attributes and delete everything else: username, active, displayName, name.givenName, name.familyName, addresses[type eq "work"].country, externalId

7. Under Attribute Mappings, select click on each of the following customappsso attributes and change the Source Attribute:

  • username: change source to mail

  • externalId:

    • change source to objectId

    • set Match objects using this attribute to Yes

    • set Matching precedence to 2

The end result of Attribute Mappings should look like below:

8. Click on Save, then on Yes. And finally, click on the X at the top right to return to the main Provisioning page.

9. Open the Settings section in Entra ID.

10. If you want to be notified of synchronization issues, select "Send an email notification when a failure occurs" and enter an email address.

11. For Scope, select Sync only assigned users and groups.

12. Finally, toggle Provisioning Status to On, and then click on Save.

Note that the provisioning sync is every 40 minutes.

3. Assign users to the Zeeg Enterprise Application in Entra ID

  1. From Enterprise Applications in Entra ID, select the application you created for SSO with Zeeg.

  2. Under Getting Starter, click on 1. Assign users and groups.

  3. Click on + Add user/group.

  4. Under Users, if ou haven't already assigned any users, you will see None selected; click on that.

  5. In the opened box, search and select your users, and then click on Select; the box will close.

  6. Click on Assign.

Related Articles
How to setup SSO with Microsoft Entra ID (SAML)
Assigning Roles and Teams via SCIM in Microsoft Entra ID
How to Sign in With Single Sign-On (SSO)
Did this answer your question?