Skip to content
  • There are no suggestions because the search field is empty.

SCIM configuration instructions for Microsoft Entra

Purpose

To provide instructions for the technical administrator to configure the SCIM integration to Klir’s system using the Microsoft Entra of the organization (former Azure Active Directory), so the users can be provisioned automatically on the Klir system. 


Requirements

Having the Azure Active Directory configured for the organization. Klir should provide the SCIM URL and the Token to authenticate the application.


Step 1: Create the Enterprise Application

  1. Sign in to the Azure Portal.
  2. Navigate to Enterprise applications
  3. Click + New application

  1. Click on + Create your own application

  1. Name it (e.g., Klir SCIM Integration) and select “Integrate any other application you don’t find in the gallery (Non-gallery)”
  2. Click Create 



Step 2: Enable Provisioning (SCIM)

  1. On the Enterprise Application, go to: Provisioning



  1. Under Provisioning Mode, choose:
    • Automatic
  2. Enter your SCIM endpoint URL and Secret Token:
    • Tenant URL: https://xxx.klir.com/scim/xxx/
    • Secret Token: your API key or bearer token.
      Azure AD will send Authorization: Bearer <token> in each SCIM call.
  3. Click Test Connection.
    • You should see a success message if your SCIM API responds correctly.

  1. Click on Save.
    • You should see a success message.

Step 3: Configure Mappings and Enable Provisioning

 Azure automatically detects SCIM schema attributes, but you can customize them:

  1. Still under Provisioning, expand Mappings.
  2. You’ll see two mappings:

o   Provision Microsoft Entra ID Groups

o   Provision Microsoft Entra ID Users

  1. As Klir currently doesn’t support Groups integration, we’ll need to disable it
  2. Click on Provision Microsoft Entra ID Groups

  1. Click on Enabled > No
  2. Click on Save

  1. Click Provisioning Status > On

  1. Check the final details

 Step 4: Configure Users for Provisioning

  1. On the Enterprise Application, go to the Users and groups page
  2. Click on + Add user/group

  1. Click on Users > None Selected
  2. Search for the users you want to provision
  3. Click on Select

  1. Confirm the users that should be added, and click on Assign

  1. You should see the complete list of users that will be provisioned

Azure will automatically start syncing users to your SCIM endpoint every ~40 minutes (you can force a sync manually with Provision on demand).


Provision on Demand

  1. On the Enterprise Application, go to Provision on demand
  2. Find a user you want to synchronize
  3. Click on Provision

  1. You should see the successful result message of the Provision request

  1. Check if the user was created on the Klir System