Microsoft Entra ID
To configure SCIM with Microsoft Entra ID (formerly Azure Active Directory) for your organization, you must have administrator access for both Microsoft Entra ID and Apidog.
Preparation
Before configuring settings in the Microsoft Entra ID dashboard, navigate to the SAML SSO page within your Apidog organization settings. Click on the Generate a SCIM token button, and keep this page open for the next steps.
Modify Claim of SSO
To support SCIM provisioning, modify the Unique User Identifier claim of the SSO configuration:
- Open your Microsoft Entra ID management portal in a browser.
- Go to Enterprise applications and open your desired application.
- On the application's Overview page, click Set up single sign on.
- Set up the Unique User Identifier (Name identifier) claim as follows:
  - Set Name identifier format to Persistent.
  - Set Source attribute to user.objectid.
Configure SCIM Provisioning
To configure your SCIM provisioning, follow these steps:
- Open your Microsoft Entra ID management portal in a browser.
- Go to Enterprise applications and open your desired application.
- On the application's Overview page, click Provision User Accounts.
- Click Get started.
- Select Automatic for Provisioning Mode, copy the information from the Apidog page into the form, and then click Test. The test result is displayed in the upper right corner. If the test succeeds, save the configuration.
- After saving, you can configure mapping. First turn off "Groups Mapping".
- Then configure "Users Mapping":
  - Delete externalId.
  - Edit the first attribute to have a source attribute of objectId, a target attribute of externalId, and a matching precedence of 1.
  - Add a new mapping with a source attribute of userPrincipalName and a target attribute of userName.
- Then delete other items and keep only the following items.
- Save, then return to the provisioning homepage and click Start provisioning.
- After a while, the provisioning results will be displayed.
Test Your SAML Configuration
Go back to Apidog and you can see the users who have been provisioned.
Once these provisioned members sign in using SSO, their status will change to Active and they will occupy paid seats.
Users in provisioned status do not occupy paid seats.
According to Azure's rules, synchronization occurs approximately every 40 minutes.
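
The steps above set the SAML Name identifier to user.objectid and the SCIM externalId to objectId, so both sides should carry the same value for a given user. The following check is an added example, not code from Apidog or Microsoft; the sample SCIM user and SAML subject are constructed, the function names are hypothetical, and it assumes the SSO sign-in is linked to the provisioned account through this shared identifier.

```python
import json
import uuid
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample data (not captured from a real tenant).
SCIM_USER = json.dumps({
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "externalId": "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b",
    "userName": "alice@example.com",
})
SAML_SUBJECT = f"""<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:NameID Format="{PERSISTENT}">3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b</saml:NameID>
</saml:Subject>"""


def is_guid(value):
    """True if value parses as a GUID, the form an Entra object ID takes."""
    try:
        uuid.UUID(value)
        return True
    except (ValueError, AttributeError, TypeError):
        return False


def check_mapping(scim_json, saml_subject_xml):
    """Return a list of problems; an empty list means both sides line up."""
    problems = []
    user = json.loads(scim_json)
    ext_id = user.get("externalId")
    if not is_guid(ext_id):
        problems.append("externalId is not an object ID (GUID)")
    if "@" not in (user.get("userName") or ""):
        problems.append("userName does not look like a userPrincipalName")
    # Constructed input only; parse real assertions with a hardened XML parser.
    name_id = ET.fromstring(saml_subject_xml).find("saml:NameID", SAML_NS)
    if name_id is None:
        return problems + ["assertion has no NameID"]
    if name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not Persistent")
    if (name_id.text or "").strip().lower() != str(ext_id or "").lower():
        problems.append("NameID does not match SCIM externalId")
    return problems


if __name__ == "__main__":
    print(check_mapping(SCIM_USER, SAML_SUBJECT) or "mapping consistent")
```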