Before you start make sure you’ve already generated the SCIM token for your team. See how to obtain your SCIM Token
Steps to set up user provisioning
1. Create an enterprise application in Entra ID
- Sign in to the Microsoft Entra admin center.
- Go to Identity > Applications > Enterprise applications.
- Select + New application.
- Choose Create your own application.
- Enter a name (for example, Kinship Provisioning).
- Select Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create.
2. Configure SCIM provisioning
- In your new Enterprise Application, go to Provisioning in the left menu.
- Under Provisioning Mode, select Automatic.
- Under Admin Credentials:
- Enter your Tenant URL in the Tenant URL field.
👉 How to find your Tenant URL - Enter your SCIM token in the Secret Token field.
- Enter your Tenant URL in the Tenant URL field.
- Click Test Connection to verify.
3. Enable user and group provisioning
- Once the connection is successful, click Save.
- Under Mappings, make sure both options are enabled:
- Provision Azure Active Directory Users
- Provision Azure Active Directory Groups
- Set Provisioning Status to On.
Troubleshooting
If something doesn’t work the first time, here are a few common things to check:-
Test Connection fails
- Double-check your Tenant URL. It should match exactly what you copied.
- Make sure your SCIM token hasn’t expired.
-
Users aren’t syncing
- Confirm that Provision Azure Active Directory Users is enabled under Mappings.
- Ensure the Provisioning Status toggle is set to On.
-
Groups aren’t syncing
- Check that Provision Azure Active Directory Groups is enabled.
- Verify that the groups you want to sync in Entra ID are assigned to the application.
-
Changes take time
- Provisioning isn’t instant—Microsoft Entra ID runs provisioning on a scheduled cycle (usually every 40 minutes). Allow some time for changes to appear.