goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

SCIM Source with Microsoft Azure AD/Entra ID #9682

Open Gunsmithy opened 2 months ago

Gunsmithy commented 2 months ago

Describe your question/

Hi there,

I want to set up SCIM between Entra ID and my authentik instance. The limited SCIM Source documentation suggests this should be supported, but I don't know how.

When I click on "Provisioning" on my Enterprise Application in Azure, which I already configured successfully as an OAuth Source, I get the message that can be seen in the screenshots below.

It seems like, at least with this flow in the Azure console, it is expected that the application is a SaaS app from their gallery that you must register: https://learn.microsoft.com/en-us/entra/identity/saas-apps/tutorial-list

However, based on their docs, it seems like any "Applications that support SCIM 2.0" should work: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/user-provisioning#what-applications-and-systems-can-i-use-with-microsoft-entra-automatic-user-provisioning

If this should work, even in technical preview, some basic instructions would be nice so I can serve as a tester!

Relevant info

I manage a small Entra deployment I can use for testing before integration with my organization in production. Happy to go back and forth on this!

Screenshots: image

Logs N/A

Version and Deployment (please complete the following information):

Additional context N/A

rknightion commented 2 months ago

When doing an app registration for Authentik, I was able to create a provisioning config by manually creating an additional -scim app in Enterprise Applications (Entra seems to somewhat limit OAuth app registrations from having automatic provisioning eligibility). Admittedly, I have larger issues with users from SCIM being matched against their user account in authentik post SCIM setup, but that's a different issue I think.

flexyneat commented 3 weeks ago

Yes, I too have the same issue matching users from Entra ID with authentik users.
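To make concrete what "an application that supports SCIM 2.0" has to handle from a provisioning client such as Entra ID, and where the user-matching problem described in the two comments above comes from, here is an added example (not authentik's code, and not a description of how authentik's SCIM source actually matches users). It shows the shape of a SCIM 2.0 User resource (RFC 7643), the simple `userName eq "..."` filter a client sends on `GET /Users` before creating an account (RFC 7644), and a match-or-create step that links an incoming resource to an already existing local account (for example one created earlier by an OAuth login) instead of creating a duplicate. The local user store, the matching order (externalId, then userName, then primary email) and all sample values are constructed assumptions for illustration.

```python
"""SCIM 2.0 user provisioning: resource validation, filter parsing and
match-or-create against a local store. Added example, not authentik's code.
The store, the matching rules and the sample data are assumptions."""
import re
from dataclasses import dataclass, field
from typing import Optional

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ENTERPRISE_SCHEMA = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


@dataclass
class LocalUser:
    username: str
    email: str
    external_id: Optional[str] = None  # the client's stable id, once linked


@dataclass
class UserStore:
    """Constructed in-memory stand-in for the server-side user database."""
    users: list = field(default_factory=list)

    def find(self, attr: str, value: Optional[str]) -> Optional[LocalUser]:
        # Case-insensitive lookup; userName/email are not caseExact in RFC 7643.
        if not value:
            return None
        for u in self.users:
            current = getattr(u, attr)
            if current and current.lower() == value.lower():
                return u
        return None


# The one filter form this example supports: attribute eq "value".
_EQ_FILTER = re.compile(r'^(?P<attr>[A-Za-z][\w.]*)\s+eq\s+"(?P<value>[^"]*)"$')


def parse_eq_filter(expr: str) -> tuple:
    """Parse e.g. userName eq "alice@example.com"; reject anything else."""
    m = _EQ_FILTER.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported SCIM filter: {expr!r}")
    return m.group("attr"), m.group("value")


def validate_user_resource(resource: dict) -> dict:
    """Check the parts of a SCIM User this example relies on and return
    a flat view: userName, externalId and the primary (or first) email."""
    if SCIM_USER_SCHEMA not in resource.get("schemas", []):
        raise ValueError("missing core User schema URN")
    user_name = resource.get("userName")
    if not isinstance(user_name, str) or not user_name.strip():
        raise ValueError("userName is required and must be non-empty")
    emails = resource.get("emails") or []
    primary = next((e.get("value") for e in emails if e.get("primary")), None)
    email = primary or (emails[0].get("value") if emails else None)
    return {"userName": user_name.strip(),
            "externalId": resource.get("externalId"), "email": email}


def match_or_create(store: UserStore, resource: dict) -> tuple:
    """Link an incoming SCIM User to an existing local account or create one.
    Matching order (assumed for this example): externalId, userName, email.
    A match records the externalId so later PUT/PATCH/DELETE from the client
    reach the same local user. Returns (user, "matched" | "created")."""
    view = validate_user_resource(resource)
    user = (store.find("external_id", view["externalId"])
            or store.find("username", view["userName"])
            or store.find("email", view["email"]))
    if user is not None:
        # Refuse to silently re-point an account already linked to another id.
        if user.external_id and view["externalId"] and user.external_id != view["externalId"]:
            raise ValueError("local user already linked to a different externalId")
        user.external_id = user.external_id or view["externalId"]
        return user, "matched"
    user = LocalUser(view["userName"], view["email"] or "", view["externalId"])
    store.users.append(user)
    return user, "created"


# Constructed resource in the shape an Entra-style client sends on POST /Users.
ENTRA_STYLE_USER = {
    "schemas": [SCIM_USER_SCHEMA, SCIM_ENTERPRISE_SCHEMA],
    "externalId": "11111111-2222-3333-4444-555555555555",  # constructed id
    "userName": "alice@example.com",
    "active": True,
    "name": {"givenName": "Alice", "familyName": "Example"},
    "emails": [{"value": "alice@example.com", "type": "work", "primary": True}],
}


def demo_store() -> UserStore:
    # Constructed: Alice already exists locally (e.g. from an earlier OAuth
    # login) but carries no externalId yet; nobody else exists.
    return UserStore([LocalUser("alice@example.com", "alice@example.com")])


def demo() -> list:
    """Run the three cases: first link, repeat via externalId, brand-new user."""
    store = demo_store()
    actions = [match_or_create(store, ENTRA_STYLE_USER)[1],
               match_or_create(store, ENTRA_STYLE_USER)[1]]
    bob = dict(ENTRA_STYLE_USER, externalId="66666666-7777-8888-9999-000000000000",
               userName="bob@example.com",
               emails=[{"value": "bob@example.com", "type": "work", "primary": True}])
    actions.append(match_or_create(store, bob)[1])
    return actions


if __name__ == "__main__":
    print(parse_eq_filter('userName eq "alice@example.com"'))
    print(demo())
```

The point of the matching step is the one raised in the comments: if the SCIM server only ever creates accounts from incoming resources, a user who already exists from an OAuth or OIDC login ends up duplicated rather than linked, and later updates or deprovisioning from the client never touch the account the person actually uses. Linking on first contact and refusing to re-link an account that already carries a different externalId keeps one local identity per upstream object.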