Use SCIM 2.0 via Entra ID Updated February 05, 2025 08:03 SCIM is a widely accepted open standard that automates user provisioning. It’s designed to simplify user identity management in cloud-based applications and services. SCIM has a set of default contracts for users and groups that can be extended to work with Azure. Note: This article describes how to use SCIM 2.0 with an Enterprise application. If you do not need automatic provisioning, use the Showpad app from the Microsoft Azure Marketplace. Key features Provision your users and groups Map users and groups Assign users and groups to Showpad You need this to succeed Plan: eOS Expert, eOS Advanced, eOS Professional Previous plan: Showpad Platform Enterprise Permissions: Administrator Prerequisites: A Showpad Personal Access Token Entra ID with users and groups assigned in Showpad Permission to set up and configure new enterprise apps The Schema files for users and/or groups from Showpad are attached here The quick way Create a new Enterprise application Create and configure your SCIM application User Mappings Group Mappings Assign users and groups Test configuration Start provisioning Do this step by step Create a new Enterprise application Open the Azure Dashboard and select Microsoft Entra ID from the resource panel. Under Manage, select Enterprise applications from the left-hand menu. Click New application from the top menu. Click Create your own application. Enter the name of your application and select the Non-gallery app option. Click Create. Back to Top Create and configure your SCIM application Open the enterprise application you just created. From the Getting Started screen, find Provision Users Accounts. Click Get Started. For Provisioning Mode, select Automatic. Navigate to the Admin App, then click the gear icon to open Settings. Under Integrations, click API. Select API Tokens. Enter the name of the token, and click Add. Copy the token’s name. Back in Azure, enter the Tenant URL, which is your Showpad web address (ex: https://myorganization.showpad.biz) followed by /api/users/scim/v2/?aadOptscim062020 Note: The ?aadOptscim062020 parameter is needed for full SCIM compliance of the Entra ID implementation. See this Microsoft page for more information. Select your preferred Settings. Click Test Connection. When the connection is complete, you will see a green checkmark and a success message. After successfully testing the connection, click Save. Back to Top User mappings Under the Manage tab of your custom enterprise app, click Provisioning in the left column. Select Edit attribute mappings. Expand Mappings and click on Provision Microsoft Entra ID Users to configure the user mappings. Ensure that User Mapping is Enabled and the Source Object is set to User. If required, you can define scope filters in the Source Object Scope. For a full provisioning service, ensure that Create and Update are checked in the Target Object Actions settings. Check Delete if you want users deleted in Entra ID to be permanently deleted in Showpad. Uncheck Delete if you want users deleted in Entra ID to be temporarily deactivated in Showpad. Scroll to the end of the page and activate the Show Advanced Options box. Click the Review your Schema here link. Copy and Paste the target application field schema from the Schema file provided by Showpad at the bottom of this article. Save the new schema and return to the Attribute Mapping screen. Delete the fields that are not available in Showpad, e.g., city, state, mailNickname. Tip: Check out our Developer Portal article, which contains an up-to-date list of available fields. Map remaining or additional fields to the appropriate Showpad fields. Make sure to define the field that should be used for matching unique values between both systems. Click Save when you've finished building your schema. Here are some examples: Entra ID Attribute customappsso Attribute userPrincipalName userName mail emails[type eq "work"].value givenName name.givenName surname name.familyName objectId externalId Switch([IsSoftDeleted], , "False", "True", "True", "False") active Back to Top Group Mappings Ensure that User Mapping is Enabled and the Source Object is set to User. If required, you can define scope filters in the Source Object Scope. Under the Manage tab of your custom enterprise app, click Provisioning in the left column. Select Edit attribute mappings. Expand Mappings and click on Provision Microsoft Entra ID Groups to configure the group mappings. Ensure that Group Mapping is Enabled and the Source Object is set to Group. You can define scope filters in the Source Object Scope if needed. For a full provisioning service, ensure that Create, Update, and Delete are activated from the Target Object Actions settings. Scroll to the end of the page and activate the Show Advanced Options box. Click the Review your Schema here link. Copy and Paste the target application field schema from the Schema file provided by Showpad at the bottom of this article. Save the new schema and return to the Attribute Mapping screen. Delete non-required fields not available in Showpad from the Mappings, e.g., city, state, mailNickname. Tip: Check out our Developer Portal article, which contains an up-to-date list of available fields. Map remaining or additional fields to the appropriate Showpad field. Make sure to define the field that should be used for matching unique values between both systems. Save your changes. Back to Top Assign users and groups To provision or de-provision users and groups, they must be assigned to the enterprise app. Go to the Overview section of your SCIM enterprise application. Click Assign users and groups. Click Add user/group from the top navigation bar. Click the link under Users. Search for users and/or groups you would like to add to this application and select them. Click Assign. Back to Top Test your configuration Before enabling automatic provisioning, we recommend using the Provision on demand functionality to manually provision users or groups. This allows you to validate that your configuration works as expected. Navigate to the Provisioning page of your app. Select Provision on-demand from the top navigation bar. Search for the user account that you assigned to the app and select it. Click Provision at the bottom of the page. The provisioning will start and list the result of each step as it's completed. In Showpad, navigate to the Users tab and search for the user you’ve just provisioned to verify they were successfully created with all the mapped properties assigned. Back to Top Start provisioning From the provisioning home screen, click the Start provisioning button to start the automatic process. From this screen, you can also Stop, Restart, and Edit your provisioning as well as Provision on demand. Click Refresh when needed. Back to Top Attachments GROUP SCHEMA Showpad SCIM Groups 220128.json 90 KB Download USER SCHEMA Showpad SCIM Users 220128.json 90 KB Download Related articles Manage Courses in the Courses library Okta user provisioning with SCIM Using SCIM 2.0 via Entra ID Present and personalize Microsoft Office files in Showpad Integrate Showpad activities in Salesforce