Skip to main content

Microsoft Entra ID

To configure SCIM with Microsoft Entra ID (formerly Azure Active Directory) for your organization, you must have administrator access for both Microsoft Entra ID and Apidog.

Preparation

Before configuring settings in the Microsoft Entra ID dashboard, navigate to the SAML SSO page within your Apidog organization settings. Click on the Generate a SCIM token button, and keep this page open for the next steps.

Preparation for SCIM settings

Modify Claim of SSO

To support SCIM provisioning, you should modify Unique User Identifier claim of SSO:

  • Open your Microsoft Entra ID management portal in a browser.

  • Go to Enterprise applications and open your desired application.

  • On the application's Overview page, click Set up single sign on.

  • Set up the Unique User Identifier (Name identifier) claim as follows:

    • Name identifier format to Persistent.

    • Source attribute to user.objectid.

modify claim of SSO step 1

modify claim of SSO step 2

Configure SCIM Provisioning

To configure your SCIM provisioning, follow these steps:

  • Open your Microsoft Entra ID management portal in a browser.

  • Go to Enterprise applications and open your desired application.

  • On the application's Overview page, click Provision User Accounts.

configure SCIM provisioning step 1

  • Click Get started.

configure SCIM provisioning step 2

  • Select Automatic for Provisioning Mode, then copy and fill in the information from the Apidog page, and then click Test. The test results will be displayed in the upper right corner. If there is no problem, save it.

configure SCIM provisioning step 3

  • After saving, you can configure mapping. First turn off "Groups Mapping".

configure SCIM provisioning step 4

  • Then configure "Users Mapping".

configure SCIM provisioning step 5

  • Delete externalId.

configure SCIM provisioning step 6

  • Edit the first attribute to have a:

    • source attribute of objectId

    • target attribute of externalId

    • matching precedence of 1

configure SCIM provisioning step 7

configure SCIM provisioning step 8

  • Add a new mapping:

    • source attribute of userPrincipalName

    • target attribute of userName

configure SCIM provisioning step 9

  • Then delete other items and keep only the following items.

configure SCIM provisioning step 10

  • Save, then return to the provisioning homepage and click Start provisioning.

configure SCIM provisioning step 11

  • After a while, the provisioning results will be displayed.

configure SCIM provisioning step 12

Test Your SAML Configuration

Go back to Apidog and you can see the users who have been provisioned.

  • Once these provisioned members sign in using SSO, their status will change to Active and they will occupy paid seats.

  • Users in provisioned status do not occupy paid seats.

  • According to Azure's rules, synchronization occurs approximately every 40 minutes.

testing SAML configuration