search
Go to websiteGo to AvanooBook a call

cloud-checkImport users through SCIM with Microsoft Entra ID

This guide explains how to configure automatic user and group provisioning from Microsoft Entra ID to Avanoo using SCIM 2.0.

hashtag
Overview

Microsoft Entra can automatically:

  • Create users in Avanoo

  • Update user attributes

  • Deactivate users

  • Sync group memberships

Provisioning runs automatically (approximately every 40 minutes).

hashtag
1️⃣ Create the Enterprise Application in Entra

  1. Sign in to the Microsoft Entra Admin Center: https://entra.microsoft.com

    Required role:

    • Application Administrator

    • Cloud Application Administrator

    • Global Administrator

  2. Navigate to: Identity → Enterprise applications

  3. Click + New application

  4. Select Create your own application

  5. Enter a name (for example): Avanoo SCIM

  6. Select: Integrate any other application you don't find in the gallery (Non-gallery)

  7. Click Create

  8. Open the application and go to Provisioning

hashtag
2️⃣ Generate Your Avanoo SCIM Token

  1. Log in to your Avanoo Admin Portal: https://app.avanoo.ai

  2. Navigate to: Integrations → SCIM

  1. Click Generate SCIM Token

  2. Copy the generated token

⚠️ Keep this token secure. It grants provisioning access to your Avanoo workspace.

hashtag
3️⃣ Configure SCIM Provisioning in Entra

Inside your Entra Enterprise Application:

  1. Go to Provisioning

  2. Click Get started (or Edit provisioning configuration)

Configure the following:

hashtag
Provisioning Mode

Automatic

hashtag
Tenant URL

https://scim.avanoo.ai/scimarrow-up-right

hashtag
Secret Token

Paste the SCIM token generated from Avanoo.

  1. Click Test Connection

If successful, Entra can communicate with the Avanoo SCIM API.

  1. Click Save

hashtag
4️⃣ Assign Users and Groups

Entra only provisions assigned users/groups.

  1. Go to Users and groups

  2. Click Add user/group

  3. Select the users and/or groups to sync

  4. Click Assign

Only assigned users and groups will be provisioned to Avanoo.

hashtag
5️⃣ Configure Attribute Mappings (Important)

Navigate to:

Provisioning → Mappings → Provision Azure Active Directory Users

Ensure the following mappings:

Entra Attribute
Avanoo SCIM Attribute

mail

userName

objectId

externalId

givenName

name.givenName

surname

name.familyName

accountEnabled

active

hashtag
Required Configuration

  • userName must map to the user’s email address

  • externalId must map to objectId

Click Save.

hashtag
6️⃣ Enable Provisioning

  1. Return to Provisioning

  2. Set: Provisioning Status → On

  3. Click Save

Provisioning will now begin.

hashtag
🔄 Provisioning Behavior

  • Sync runs approximately every 40 minutes

  • Use Provision on demand to manually test a specific user

  • Supported operations:

    • User creation

    • User updates

    • User deactivation

    • Group membership updates

hashtag
🛠 Troubleshooting

If provisioning fails:

  1. Check Provisioning Logs in Entra

  2. Verify:

    • Tenant URL is exactly:

    • The SCIM token is valid

    • Users are assigned

    • Attribute mappings match the Avanoo SCIM schema

    • Your SCIM endpoint responds with HTTP 200

PreviousImporting users by emailNextLicenses Management

Last updated