Guides
HomeChangelogStatus PageAPI ExplorerAPI ReferenceCLI ReferenceBlogRequest a Demo

Setting Up SCIM Provisioning with Microsoft Entra ID

Suggest Edits

📘

Prerequisite: You have already enabled SCIM provisioning in Monte Carlo and generated an endpoint URL and bearer token

The following guide are instructions for how to synchronize your Monte Carlo users and/or authorization groups with Microsoft Entra ID using SCIM.

Find your Monte Carlo application in Microsoft Entra ID

In Microsoft Entra ID, SCIM Provisioning can be enabled on each Enterprise Application. If you are using Entra ID as the Identity Provider for SSO to Monte Carlo, SCIM provisioning will be enabled on the same application you are using for SSO. If you are not using SSO and just want to have Entra ID provision users in Monte Carlo, you will need to create a new custom application.

Enable Provisioning

In your App under Manage find Provisioning and select New configuration.

For Tenant URL and Secret token, enter the values you got when you set up SCIM provisioning in the Monte Carlo UI.

Test the connection and save.

Configure User Attribute Mappings

Under the Provisioning settings in your application:

  1. Go to ‘Attribute mapping’

  2. Select ‘Provision Microsoft Entra ID Users’

  3. MC supports these user attributes:

    • userName (required)
      • userName must be mapped to mail
    • active (required)
    • emails[type eq “work”] (required)
    • givenName (optional)
    • familyName (optional)

    All other attributes will be ignored if included in SCIM requests.

  4. Set the Target Object Actions. By default ‘Create’, ‘Update’ and ‘Delete’ are enabled. This is recommended.

[Optional] Configure Group Attribute Mappings

Group sync is enabled by default and the default mappings do not need to be changed to work with Monte Carlo. If you do not want Group sync enabled, go to ‘Attribute mapping (preview)’ → ‘Provision Microsoft Entra ID Groups’ and toggle Enabled to “No”.

Assign Users and Groups

  1. In the App overview under Manage go to Users and groups
  2. Any User or Group added here will be synced to Monte Carlo when provisioning is enabled. Users or groups added to the app moving forward will be synced to Monte Carlo.

Enable Provisioning

Now that all your attribute mappings are configured, it is time to enable SCIM provisioning. This can be done under Provisioning → Settings → Provisioning Status

Updated about 5 hours ago