# Entra ID SCIM setup

> Instructions for setting up SCIM provisioning using Azure Entra ID as an IdP

export const Alert = ({type, title, children}) => {
  const getIcon = () => {
    switch (type) {
      case 'info':
        return "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='20' height='20' viewBox='0 0 20 20' fill='none'%3E%3Cpath d='M10 0C4.477 0 0 4.477 0 10s4.477 10 10 10 10-4.477 10-10S15.523 0 10 0zm0 15c-.552 0-1-.448-1-1s.448-1 1-1 1 .448 1 1-.448 1-1 1zm1-3H9V6h2v6z' fill='%230099FF'/%3E%3C/svg%3E";
      case 'success':
        return "data:image/svg+xml,%3Csvg width='20' height='20' viewBox='0 0 20 20' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath fill-rule='evenodd' clip-rule='evenodd' d='M10 0C4.477 0 0 4.477 0 10s4.477 10 10 10 10-4.477 10-10S15.523 0 10 0zm4.293 6.293L9 11.586 5.707 8.293c-.391-.391-1.024-.391-1.414 0s-.391 1.024 0 1.414l4 4c.391.391 1.024.391 1.414 0l6-6c.391-.391.391-1.024 0-1.414s-1.024-.391-1.414 0z' fill='%230CC26D'/%3E%3C/svg%3E";
      case 'warning':
        return "data:image/svg+xml;charset=utf-8;base64,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";
      case 'danger':
        return "data:image/svg+xml,%3Csvg width='20' height='20' viewBox='0 0 20 20' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M10 0C4.477 0 0 4.477 0 10s4.477 10 10 10 10-4.477 10-10S15.523 0 10 0zm5.707 4.293L10 9.586 4.293 4.293c-.391-.391-1.024-.391-1.414 0s-.391 1.024 0 1.414L8.586 11l-5.707 5.293c-.391.391-.391 1.024 0 1.414s1.024.391 1.414 0L10 12.414l5.707 5.293c.391.391 1.024.391 1.414 0s.391-1.024 0-1.414L11.414 11l5.707-5.293c.391-.391.391-1.024 0-1.414s-1.024-.391-1.414 0z' fill='%23F45252'/%3E%3C/svg%3E";
      case 'note':
        return "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='20' height='20' viewBox='0 0 20 20' fill='none'%3E%3Cpath d='M10 0C4.477 0 0 4.477 0 10s4.477 10 10 10 10-4.477 10-10S15.523 0 10 0zm0 15c-.552 0-1-.448-1-1s.448-1 1-1 1 .448 1 1-.448 1-1 1zm1-3H9V6h2v6z' fill='%230099FF'/%3E%3C/svg%3E";
      default:
        return "";
    }
  };
  return <div className={`alert alert--${type}`}>
      <div className="alert-icon" style={{
    backgroundImage: `url("${getIcon()}")`,
    backgroundRepeat: 'no-repeat',
    backgroundPosition: 'center center',
    backgroundSize: '20px',
    width: '24px',
    height: '24px',
    position: 'absolute',
    left: '16px',
    top: '16px'
  }} />
      <div className="alert-content">
        {title && <div className="alert-title">{title}</div>}
        <div className="alert-body">{children}</div>
      </div>
    </div>;
};

## Features

The following provisioning features are supported when integrating with Entra ID:

* Create users in Superblocks
* Remove users in Superblocks when they no longer require access
* Keep user attributes synchronized between Entra and Superblocks
* Provision groups and group memberships in Superblocks

## Prerequisites

The scenarios outlined in this tutorial assume that you already have the following items:

* An Entra tenant
* A user account with permission to configure provisioning (for example, Application Administrator, Cloud Application Administrator, Application Owner, or Global Administrator)
* A Superblocks organization on the Enterprise plan
* A user account in Superblocks with Admin permissions

## Setup

1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/)

2. Navigate to **Identity** → **Applications** → **Enterprise applications**

3. Select your Superblocks SSO app or select **+ New application** → **+ Create your own application**

4. In the app management screen, select **Provisioning** in the left panel

5. Set the **Provisioning mode** to **Automatic**

6. Configure credentials as follows:

   | Field        | Value                                                                                                                                                                     |
   | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | Tenant URL   | **US**: [https://app.superblocks.com/scim/v2](https://app.superblocks.com/scim/v2) <br />**EU**: [https://eu.superblocks.com/scim/v2](https://eu.superblocks.com/scim/v2) |
   | Secret token | [Access token](/admin/org-administration/auth/access-tokens) with Org Admin privileges                                                                                    |

7. Test the connection and click **Save**

8. Optionally, [configure user attributes](#configure-user-attributes)

9. Set the **Provisioning Status** to **On**

10. Select the **Users and groups** tab and assign the users or groups you want to sync

## Configure user attributes

Certain user attributes in Entra can be synced to your Superblocks users' profiles.

### Supported user attributes

The Superblocks SCIM API currently supports the following attributes:

| SCIM User Attribute | <div style={{ width: 200 }}>Superblocks User Attribute</div> | Description                                                                                                                                                                                                                              |
| ------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `emails`            | `Global.user.email`                                          | Email identifier used to log in to Superblocks.                                                                                                                                                                                          |
| `displayName`       | `Global.user.name`                                           | The text shown in Superblocks when referring to the user.                                                                                                                                                                                |
| `name.givenName`    | `Global.user.name`                                           | First name of the user. Concatenated with `name.familyName` if `displayName` is not provided.                                                                                                                                            |
| `name.familyName`   | `Global.user.name`                                           | Last name of the user. Concatenated with `name.givenName` if `displayName` is not provided.                                                                                                                                              |
| `groups`            | `Global.user.groups`                                         | List of groups to which the user belongs.                                                                                                                                                                                                |
| `active`            | N/A                                                          | Disables the user when set to `FALSE`                                                                                                                                                                                                    |
| `role`              | N/A                                                          | The user's [**organization role**](/admin/org-administration/org-roles). Defaults to `null`. If not set, the [default role for the organization](/admin/org-administration/org-roles/using-org-roles#setting-default-role) will be used. |

### Create custom role attribute

All of the supported attributes listed above except for `role` are supported by default in Entra ID. You can manage a user's [**organization role**](/admin/org-administration/org-roles) via SCIM by configuring a custom attribute in Entra. To do so:

1. Go to your app's **Provisioning** page

2. Expand the **Mapping** section

3. Click on the **User** mapping

4. Scroll to the bottom of the page and click **Show advanced options**

5. Click **Edit attribute list for customappsso**

6. Add the following new attribute to the list

   | Field | Value                                                             |
   | ----- | ----------------------------------------------------------------- |
   | Name  | `urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:role` |
   | Type  | String                                                            |

7. Click **Save**

8. Back on the User mapping page, click **Add New Mapping**

9. Create a mapping with the **Target mapping** set to the role attribute just configured

10. Click **Save**

<Alert type="success">
  Now when users are provisioned or attributes updated, their [organization role](/admin/org-administration/org-roles) in Superblocks will be set based on the role assigned in Entra.
</Alert>
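
The following is an added example, not Superblocks or Microsoft code: it applies the attribute rules from the supported-attributes table to SCIM User resources, so a mapping can be reviewed before provisioning is turned on. It assumes Entra nests the custom `role` attribute under the enterprise extension URN; the sample users, the role names and the space used to join names are constructed.

```python
# Schema URN part of the custom attribute name configured above. Assumption:
# Entra sends the attribute nested under this URN key in the User resource.
ENTERPRISE_EXT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed sample resources; users and role names are placeholders.
SAMPLE_USERS = [
    {"userName": "ada@example.com", "active": True, "displayName": "Ada L.",
     "name": {"givenName": "Ada", "familyName": "Lovelace"},
     "emails": [{"value": "ada@example.com", "primary": True}],
     ENTERPRISE_EXT: {"role": "ExampleAdminRole"}},
    {"userName": "bob@example.com", "active": True,
     "name": {"givenName": "Bob", "familyName": "Stone"},
     "emails": [{"value": "bob.alt@example.com"},
                {"value": "bob@example.com", "primary": True}]},
    {"userName": "eve@example.com", "active": False, "displayName": "Eve",
     "emails": [{"value": "eve@example.com", "primary": True}],
     ENTERPRISE_EXT: {"role": "ExampleAdminRole"}},
]


def effective_profile(user, org_default_role):
    """Apply the documented attribute rules to one SCIM User resource."""
    emails = user.get("emails") or [{}]
    primary = next((e for e in emails if e.get("primary")), emails[0])
    name = user.get("name") or {}
    # displayName wins; otherwise givenName and familyName are concatenated
    # (the space separator is an assumption).
    display = user.get("displayName") or " ".join(
        p for p in (name.get("givenName"), name.get("familyName")) if p)
    role = (user.get(ENTERPRISE_EXT) or {}).get("role")  # null when unmapped
    return {"email": primary.get("value"), "name": display,
            "active": user.get("active") is not False,  # assumption: absent = active
            "role": role or org_default_role,
            "role_from_scim": bool(role)}


def review(users, org_default_role, privileged_roles):
    """List mappings worth checking before provisioning is switched on."""
    findings = []
    for user in users:
        p = effective_profile(user, org_default_role)
        if not p["role_from_scim"]:
            findings.append((p["email"], "no role sent, org default applies"))
        if not p["active"] and p["role"] in privileged_roles:
            findings.append((p["email"], "disabled user keeps privileged role"))
    return findings
```

Calling `review(SAMPLE_USERS, "ExampleDefaultRole", {"ExampleAdminRole"})` flags the user who would fall back to the organization default role and the disabled user still mapped to a privileged role.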
