This document shows you how to synchronize users or user groups from Microsoft Entra ID (also known as Azure AD) to Tencent Cloud Identity Center by using the SCIM protocol.
Background
All configuration operations in Microsoft Entra ID must be performed by an administrator who has been granted global administrator permissions. For information on how to create a user and grant the user administrator permissions in Microsoft Entra ID, refer to the Microsoft Entra documentation.
Configuration in the Identity Center
Step 1: Enabling SCIM Synchronization
2. In the left navigation bar, click User Management > Settings.
3. In the SCIM User Synchronization Configuration area, click to enable SCIM synchronization, and then click Enable in the pop-up window to confirm.
4. After enablement, in the SCIM User Synchronization Configuration area, view or copy the SCIM server address. You will need it when configuring SCIM synchronization in the external IdP:
Chinese: https://scim.tencentcloudsso.com/scim/v2
International: https://scim.tencentcloudssointl.com/scim/v2
Step 2: Creating a SCIM Key
1. Click Generate New SCIM Key in the SCIM User Synchronization Configuration area.
2. In the Create CredentialSecret dialog box, save the SCIM key by clicking Download CSV File or Copy. After saving the key, click OK.
Configuration in Azure
Step 1: Creating an Application in Microsoft Entra ID
1. Log in to the Azure portal as an administrator and click the menu icon in the top-left corner.
2. In the left navigation bar, select Microsoft Entra ID.
3. In the left navigation bar, select Manage > Enterprise applications and then go to All applications.
4. Click New application.
5. On the Browse Microsoft Entra Gallery page, click Create your own application, enter the name of your app in the right window, select Integrate any other application you don't find in the gallery (Non-gallery), and then click Create.
Step 2: Configuring SCIM Synchronization in Microsoft Entra ID
1. On the SCIM intl application page, click Provisioning in the left navigation bar.
2. On the Provisioning page, click Get Started.
3. Set the provisioning mode to Automatic. In the Admin Credentials area, configure the admin credentials.
In the Tenant URL area, enter the SCIM server address.
In the Secret Token area, enter the SCIM key.
Click Test Connection.
After the test succeeds, click Next to continue.
4. In the Mappings section, keep the default configuration or modify the attribute mapping as needed. By default, userName is mapped to the Microsoft Entra ID userPrincipalName.
5. In the Settings section, Scope is set to Sync only assigned users and groups by default. With this setting, users and groups must be assigned to the application before they are synchronized.
Note:
If Sync all users and groups is selected, all users and groups in Microsoft Entra ID are synchronized automatically.
6. Set Provisioning status to On and click Save. The configuration is complete.
Step 3: Assign Users/Groups
1. On the Provisioning page, select Users and groups in the left menu, then click Add user/group.
2. On the Add Assignment page, select users or groups, and click Select.
3. Click Assign. The assigned users/groups appear in the list.
Step 4: Synchronize Users/Groups
Automatically Synchronize User/Group (Non-Real-Time)
Assigned users/groups are synced to the Identity Center automatically at the provisioning interval; this synchronization is not real-time.
In Microsoft Entra ID, synchronization occurs every 20-40 minutes by default. The interval cannot be modified.
Users added to an assigned group later are also synced at the provisioning interval (not in real time).
Manually Synchronize User/Group (Real-Time)
If you need real-time synchronization, follow these steps.
To synchronize a user:
1. On the Provision on demand page, select the user to synchronize and click Provision.
2. The configuration is successful.
To synchronize a group:
1. On the Provision on demand page, select the group to synchronize, select the users in the group, and then click Provision.
Note:
If no users are selected, the current synchronization only synchronizes the group and does not include its users.
2. The configuration is successful.
Result Verification
Click User Management > User in the left sidebar and view the User List. The Source column shows External import.
Click User Management > User Group in the left sidebar and view the User Group List. The Source column shows External import.
Click User Group Name to enter the User group details page and view group users.
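The same verification can be done directly against the SCIM endpoint, using the kind of request the Test Connection step sends (an authenticated GET on /Users filtered by userName). The following script is an added example, not Tencent Cloud or Microsoft code; it assumes the SCIM key from Step 2 is available in the SCIM_KEY environment variable and that userName is mapped to userPrincipalName as in the default mapping. The sample response and the user alice@example.com are constructed.

```python
# Added example (not Tencent Cloud or Microsoft code): query the Identity Center
# SCIM endpoint with a SCIM key to confirm the key works and a user was synced.
import json
import os
import urllib.parse
import urllib.request

# SCIM server addresses shown in the Identity Center console.
SCIM_ENDPOINTS = {
    "chinese": "https://scim.tencentcloudsso.com/scim/v2",
    "international": "https://scim.tencentcloudssointl.com/scim/v2",
}

# Constructed sample ListResponse for an offline run (user id and name are made up).
SAMPLE_LIST_RESPONSE = (
    b'{"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],'
    b'"totalResults":1,"Resources":[{"id":"u-0001",'
    b'"userName":"alice@example.com","active":true}]}'
)

def build_user_lookup(base_url, scim_key, user_principal_name):
    """Return (url, headers) for GET /Users?filter=userName eq "<upn>".

    With the default mapping, userName carries the Entra userPrincipalName.
    The SCIM key is a bearer token: keep it out of logs and shell history.
    """
    filt = urllib.parse.quote(f'userName eq "{user_principal_name}"')
    url = f"{base_url.rstrip('/')}/Users?filter={filt}"
    headers = {"Authorization": f"Bearer {scim_key}", "Accept": "application/scim+json"}
    return url, headers

def parse_list_response(body):
    """Return (totalResults, [userName, ...]) from a SCIM ListResponse body."""
    doc = json.loads(body)
    if "urn:ietf:params:scim:api:messages:2.0:ListResponse" not in doc.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    names = [u.get("userName", "") for u in doc.get("Resources", [])]
    return int(doc.get("totalResults", len(names))), names

def lookup_synced_user(region, scim_key, user_principal_name):
    """Live check: GET the filtered /Users URL and return (totalResults, names)."""
    url, headers = build_user_lookup(SCIM_ENDPOINTS[region], scim_key, user_principal_name)
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        return parse_list_response(resp.read())

if __name__ == "__main__":
    # Offline demo on the constructed sample. For a live check of a real account use,
    # e.g., lookup_synced_user("international", os.environ["SCIM_KEY"], "alice@example.com")
    print(parse_list_response(SAMPLE_LIST_RESPONSE))
```

A result of 0 matches with a 200 response means the key is valid but the user has not been provisioned yet (for example, the provisioning interval has not elapsed), whereas an HTTP 401 points at a wrong or revoked SCIM key.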