Azure SCIM Integration

swimlane turbine supports scim 2 0 integration with microsoft entra id (formerly azure active directory) this integration enables administrators to automatically provision users and groups to swimlane using the scim standard choose your path goal go to connect entra to swimlane configure scim in microsoft entra /#configure scim in microsoft entra understand sync timing user provisioning /#user provisioning , group provisioning /#group provisioning field mapping and api details provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu configure scim in microsoft entra in the microsoft entra admin center, create an enterprise application for swimlane turbine (non gallery custom app if needed) open the provisioning tab and set provisioning mode to automatic under admin credentials , enter field value tenant url https //\<your swimlane host>/tenant/api/account/\<account id>/scim/v2 secret token swimlane personal access token (pat) replace \<your swimlane host> with your swimlane turbine hostname and \<account id> with your swimlane account uuid create the pat in swimlane under edit profile > personal access token use a pat for a user with account admin privileges entra sends the token as the secret; swimlane maps bearer authentication for scim see provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu for authentication and authorization click test connection , then save when the test succeeds under users and groups , assign the users and groups entra should provision to swimlane use provision on demand when you need an immediate sync for a single user or group roles are not provisioned through scim after groups sync, assign roles to groups manually in swimlane turbine user provisioning provisioning users from microsoft entra id to swimlane turbine takes approximately 40 minutes this interval is controlled by microsoft and applies to all user related operations, such as updating user details or removing user assignments these changes are synced to swimlane at the end of the next 40 minute cycle group provisioning provisioning groups, with or without users, typically takes 20 minutes to sync with swimlane this applies to changes such as adding or removing users from a group updating group details deleting groups or removing group assignments from the scim application understanding provisioning cycles in the overview tab of your entra provisioning configuration, you can view provisioning cycle timestamps the most relevant fields are last cycle start time and last cycle completed time any user or group related changes made after last cycle start time are processed in the next provisioning run—approximately 40 minutes later for users and 20 minutes later for groups immediate provisioning (provision on demand) to sync a user or group immediately, use provision on demand in the entra provisioning configuration this triggers an instant provisioning attempt for the selected user or group keep the following in mind provision on demand only supports provisioning; it does not support updates, deletions, or group membership changes when provisioning groups, you can select individual users rather than syncing the entire group attribute handling entra requires only userprincipalname and displayname in the default mapping swimlane expects additional attributes, including first name, last name, email, and display name if any required attribute is missing, swimlane uses the userprincipalname value as a fallback for more information on how entra provisioning works, see how provisioning works https //learn microsoft com/en us/entra/identity/app provisioning/how provisioning works on microsoft learn see also provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu — prerequisites, pat authentication, rest endpoints, and field mapping