SCIM Source with Microsoft Azure AD/Entra ID
Describe your question
Hi there,
I want to set up SCIM between Entra ID and my authentik instance. The limited SCIM Source documentation suggests this should be supported, but I don't know how.
When I click on "Provisioning" on my Enterprise Application in Azure, which I already configured successfully as an OAuth Source, I get the following message that can be seen in the screenshots below.
It seems like, at least with this flow in the Azure console, it is expected that the application is a SaaS app from their gallery that you must register: https://learn.microsoft.com/en-us/entra/identity/saas-apps/tutorial-list
However, based on their docs, it seems like any "Applications that support SCIM 2.0" should work: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/user-provisioning#what-applications-and-systems-can-i-use-with-microsoft-entra-automatic-user-provisioning
If this should work, even in technical preview, some basic instructions would be nice so I can serve as a tester!
Relevant info
I manage a small Entra deployment I can use for testing before integration with my organization in production. Happy to go back and forth on this!
Screenshots
Logs N/A
Version and Deployment (please complete the following information):
- authentik version: 2024.4.2
- Deployment: helm
Additional context N/A
When doing an app registration for authentik, I was able to create a provisioning config by manually creating an additional -scim app in Enterprise Applications (Entra seems to somewhat limit OAuth app registrations from having automatic provisioning eligibility). Admittedly, I have larger issues with users from SCIM being matched against their user account in authentik post-SCIM setup, but that's a different issue, I think.
Yes, I too have the same issue matching users from Entra ID with authentik users.
Most of these issues should be resolved with 2024.8, which lets you customize the mapping of data in the SCIM Source: https://docs.goauthentik.io/docs/releases/2024.8