About this article
This article provides an overview of SCIM (automatic user provisioning) and how to set it up.
Overview of SCIM
System for Cross-domain Identity Management (SCIM) is an industry-standard protocol for automating the exchange of user identity information between different domains or IT systems. The identity provider will automatically synchronize your data with Templafy, ensuring user and group information is always up to date. If you add or remove a user from your Active Directory (AD), the change will automatically provision or deprovision the user from Templafy.
|
Update Frequency
The frequency at which SCIM runs in Microsoft Entra ID depends on the specific configuration and requirements of the organization. In typical setups, synchronization intervals are configured to synchronize every 35 to 40 minutes.
The frequency can be seen in MS Entra ID within the logs. Please note that stopping, pausing, or restarting does not affect the frequency and that the cycle is fixed on the time interval.
Known Limitations of SCIM
- SCIM does not support nested AD Groups, only direct user membership
- ADFS does not support SCIM
- Okta does not support user deprovisioning via SCIM
- "Microsoft's Entra ID currently can't provision null attributes. If an attribute is null on the user object, it will be skipped."
- In practical terms, this means that if a particular Microsoft Entra ID user attribute is set to null or has no value when provisioning a new user account or updating an existing one, Microsoft will not handle it as expected; instead, it will ignore that attribute. This limitation is specific to Microsoft Entra ID SCIM and does not affect the authentication flow.
How to set up SCIM with Microsoft Entra ID
|
How to set up SCIM with Okta
|
Comments
Article is closed for comments.