Skip to main content
  1. Addigy
  2. Enrolling Devices
  3. End User Management

Setting Up End Users SCIM - Entra ID

Updated:

Integrating Entra via SCIM into Addigy enables you to see your list of end users inside of Addigy as well as syncing them to devices and managing devices based on user attributes.
 

Overview & Benefits

  • Centralized User Management – Sync your Azure Entra directory users automatically into Addigy
  • Device Assignment – Assign devices to users making it simple to identify device inventories
  • Single Source of Truth – Keep user data synchronized inside of Addigy with real time events
  • Scalability – Automate provisioning as your organization grows
     

Let's go over how we can get this configured.

  1. Generate your SCIM URL and Token from Addigy
  2. Create a SCIM app inside of Entra  
  3. Test your SCIM connection

 

Step 1: Generate Your SCIM URL and Token from Addigy

Purpose: Create the SCIM endpoint and authentication credentials needed for Entra to communicate with Addigy.

Instructions:

  1. Log in to Addigy as an administrator
  2. Navigate to End Users page on the left hand navigation
  3. On the End User Page select Setup End User Management
  4. You will be presented with:
    • SCIM URL (e.g., https://***.addigy.com/scim/v2)
    • Bearer Token (a long alphanumeric string)
  5. Copy both values and store them securely – you'll need these for Entra configuration
  6. Click I've copied URL and Token

⚠️ Security Note: Treat the Bearer Token like a password. Do not share it publicly or commit it to version control. If compromised, regenerate immediately from the same settings page.

 

 

Step 2: Create a SCIM App inside of Entra

Purpose: Configure Azure Entra as a SCIM provider to push user data to Addigy.

Create the SCIM Integration in Microsoft Entra ID

Instructions:

  1. Sign in to the Microsoft Entra admin center.
  2. Open the portal menu and select Entra ID.
  3. On the Entra ID menu, select Enterprise apps.
  4. In the Manage section, select All applications.
  5. Select New application.
  6. Select Create your own application.
  7. Give the application a name (e.g., "Addigy SCIM Integration").
  8. Select Integrate any other application you don't find in the gallery (Non-gallery).
  9. Click Create. You will be taken to the Overview page for the newly created app.

 

Configure SCIM Provisioning

  1. Under Manage, select Provisioning.
  2. Click New Configuration.
  3. In the Tenant URL field, paste the SCIM Base URL that you copied earlier from Addigy (Step 1).
  4. In the Secret token field, paste the Bearer Token that you copied earlier from Addigy (Step 1).
  5. Click Test connection. You should see a successful test notification.
  6. Click Create.

 

 

Enable SCIM Mappings & Settings

  1. Click on Provisioning in the Manage section (you may already be here).
  2. Expand the Mappings section and verify that both Groups and Users are enabled.
    • These ensure user and group data sync from Entra to Addigy
  3. Expand the Settings section.
  4. For Scope, select Sync only assigned users and groups.
    • This ensures only explicitly assigned users and groups are provisioned to Addigy
  5. Set Provisioning Status to On.
  6. Click Save.
  7. Click the X in the upper-right corner to close the settings panel.

 

 

Assign Users and Groups to Addigy

  1. Under Manage, select Users and groups.
  2. On the menu, select Add user/group.
  3. In the Add Assignment dialog, select the link under Users and groups.
    • A list of users and security groups is displayed
  4. Search for or select the user(s) and group(s) you would like to sync to Addigy.
    • You can select multiple users and groups at once
  5. Click Assign to finish assigning users and groups to the app.
  6. Confirm that the users and groups you added appear in the Users and groups list.


 

Step 3: Test Your SCIM Connection

Purpose: Verify that Entra can successfully communicate with Addigy before full provisioning begins.
 

Initial Connection Test (In Entra)

  1. In the Microsoft Entra admin center, navigate to your Addigy SCIM application.
  2. Under Manage, select Provisioning.
  3. Locate the Tenant URL and Secret token fields (these contain the credentials you entered in Step 2).
  4. Click the Test connection button.
  5. Wait for the connection test to complete (typically 10–30 seconds).
     

Verify Users Appear in Addigy

  1. Once the connection test passes and provisioning is enabled (Provisioning Status: On), wait 5–10 minutes for the initial sync cycle to complete.
  2. Log in to Addigy as an administrator.
  3. Navigate to End Users,
  4. Verify that users you assigned in Entra (Step 2, steps 23–28) now appear in your Addigy tenant.
    • Look for users by email address, name, or department
    • Confirm user counts match your expectations
  5. Select a test user and verify that user attributes are correctly populated:
    • Email address
    • Display name
    • etc

 

Step 4 (Optional): Configure Manager Attribute Mapping

Purpose: By default, Entra's manager mapping does not correctly populate the manager.value field per the SCIM 2.0 spec. If your organization relies on manager relationships syncing to Addigy, follow these steps to fix the mapping.

Step 4.1: Open Your Enterprise Application

In the Azure Portal, navigate to Microsoft Entra ID → Enterprise Applications and select your SCIM provisioning app.

Step 4.2: Go to Provisioning Mappings

Under the Provisioning section, click Mappings, then click "Provision Microsoft Entra ID Users".

Step 4.3: Remove the Default Manager Mapping

In the attribute mappings list, find the existing entry for:

 
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager

Click it and delete it. The default mapping targets the parent complex attribute and does not correctly populate manager.value per the SCIM spec.

Step 4.4: Register manager.value as a Custom Attribute

Before you can map to manager.value, you need to add it to the attribute list.

  1. At the bottom of the page, check "Show advanced options"
  2. Click "Edit attribute list for [your app name]"
  3. In the blank row at the bottom of the list, enter the following, set the type to String, and click Save:
 
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value

Step 4.5: Add the New Manager Mapping

Back on the attribute mappings page, click "Add New Mapping" and configure it as follows:

Field Value
Mapping type Direct
Source attribute manager (the Entra ID manager object — the value sent will be the manager's Object ID)
Target attribute urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value

Click Ok and then Save.

Step 4.6: Verify Your externalId Mapping is Consistent

For Addigy to resolve the manager relationship, it needs to match the manager's Object ID to a known user. Confirm that the Entra ID Object ID is also mapped to externalId for all users:

Source attribute Target attribute
objectId externalId

This ensures that when Addigy receives manager.value containing an Object ID, it can look up the corresponding user by their externalId and correctly resolve the manager relationship.

 


NOTE: Microsoft Entra's SCIM 2.0 provisioning service has had known SCIM issues. PATCH request behavior for operations like disabling users, adding single-value attributes, replacing multiple attributes, and removing group members does not fully comply with the SCIM 2.0 specification by default. To ensure full SCIM compliance, you can append the feature flag aadOptscim062020 to your Tenant URL in the Entra provisioning configuration, this corrects the PATCH behavior and is expected to become the default in a future update. 

 

 

 


 

Was this article helpful?
0 out of 0 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team