With SCIM enabled, users won’t have the option to leave your organization on their own and won’t be able to change their account email or password. Only organization owners have permission to remove team members. Entra Identity administrators can use SCIM to manage user account details if they’re associated with a domain your organization verified.

📘 Note

You must be an Aptible organization owner to enable SCIM for your organization.

Step 1: Create a SCIM Integration in Aptible

  1. Log in to Aptible: Sign in to your Aptible account with OrganizationOwner privileges.
  2. Navigate to Provisioning: Go to the ‘Settings’ section in your Aptible dashboard and select Provisioning.

  1. Define Default Role: Update the Default Aptible Role. New users created by SCIM will be automatically assigned to this role.
  2. Generate SCIM Token: Aptible will provide a SCIM token, which you will need for Entra Identity configuration. Save this token securely; it will only be displayed once.

📘 Note

Please note that the SCIM token has a validity of one year.

  1. Save the Changes: Save the configuration.

Step 2: Enable SCIM in Entra Identity

Entra Identity supports SCIM 2.0, allowing you to enable user provisioning directly through the Entra Identity portal.

  1. Access the Entra Identity Portal: Log in to your Entra Identity admin center.
  2. Go to Enterprise Applications: Navigate to Enterprise applications > All applications.
  3. Add an Application: Click on ‘New application’, then select ‘Non-gallery application’. Enter a name for your custom application (i.e., “Aptible”) and add it.
  4. Setup SCIM: In your custom application settings, go to the ‘Provisioning’ tab.
  5. Configure SCIM: Click on ‘Get started’ and select ‘Automatic’ for the Provisioning Mode.
  6. Enter SCIM Connection Details:
    • Tenant URL: Enter https://auth.aptible.com/scim_v2.
    • Secret Token: Paste the SCIM token you previously saved.
  7. Test Connection: Test the SCIM connection to verify that the SCIM endpoint is functional and that the token is correct.
  8. Save and Start Provisioning: Save the settings and turn on provisioning to start syncing users.

Step 3: Configure Attribute Mapping

Customize the attributes that Entra Identity will send to Aptible through SCIM:

  1. Adjust the Mapping: In the ‘Provisioning’ tab of your application, select ‘Provision Microsoft Entra ID Users’ to modify the attribute mappings.

  1. Edit Attribute Mapping: Ensure to align with what Aptible expects, focusing on core attributes like User Principal Name, Given Name, and Surname.

  2. Include required attributes: Make sure to map essential attributes such as:

    • userPrincipalName to userName
    • givenName to firstName
    • surname to familyName
    • Switch([IsSoftDeleted], , “False”, “True”, “True”, “False”) to active
    • mailNickname to externalId

Step 4: Test the SCIM Integration

  1. Test User Provisioning: Create a test user in Entra Identity and verify that the user is provisioned in Aptible.
  2. Test User De-provisioning: Deactivate or delete the test user in Entra Identity and confirm that the user is de-provisioned in Aptible.

By following these steps, you can successfully configure SCIM provisioning between Aptible and Entra Identity to automate your organization’s user management.

Provisioning with Okta (SCIM)Best Practices Guide