This article provides step-by-step instructions to set up the SCIM connection between Microsoft Entra ID and deskbird, enabling seamless synchronization of user and group data.
💡 Note: After setting up SCIM, the first sync may take 1–2 hours. Please wait and check again later.
⚠️ Provisioning objects must only include users and/or groups that require access to deskbird. Any objects included in the sync will be provisioned automatically.
- Create the SCIM token in deskbird
- Setting up the SCIM application
- Steps to provision the selected objects
1. Create the SCIM token in deskbird
- Go to the "API keys" menu in the admin section
- Click the "Generate key" button and choose the SCIM option
- Choose your SCIM provider and generate your token (there is only one token per company)
- Copy your SCIM token and paste it into a secure location (the token will not be visible on the UI)
- You can always revoke an existing key and generate a new one
Now you have all you need to proceed with setting up your SCIM application.
2. Setting up the SCIM application
- Go to https://entra.microsoft.com/ and click on Enterprise applications
- Click on New application
- Click on Create your own application
- Give it a name, and make sure that Integrate any other application you don't find in the gallery (Non-gallery) is checked:
- Click Create
- You should now be redirected to the newly created application
- Go to Provisioning
- Click Get started
- Select Automatic from the dropdown
- In the Tenant URL field, insert the following URL: https://api.deskbird.app/v2/scim
- In the Secret Token field, enter the company SCIM token you generated in the first step
- Click Test Connection
If everything works as expected, you will see a confirmation pop-up.
- Click Save
- Click Provision Microsoft Entra ID Users under Mappings
- Scroll to the bottom of the page, and delete the mailNickname attribute
- At the bottom of the page, click Add New Mapping
- Go to Source attribute and select objectId from the dropdown
- Go to Target attribute and select externalId from the dropdown
- Click Save
- You should now see the added mapping in the list:
- Click Provision Microsoft Entra ID Users under Mappings
💡 Recommended check for group-based provisioning:
If you are using group-based SCIM provisioning, we strongly recommend verifying the group attribute mappings to ensure users are correctly deactivated in deskbird when they are removed from an Entra ID group.
- In the Mappings section, select Provision Microsoft Entra ID Groups from the dropdown.
- Scroll to the bottom and click Show advanced options.
- Locate the attribute with the target attribute members.
Ensure the following configuration:
- ❌ urn:ietf:params:scim:schemas:core:2.0:Group is not selected
- ✅ urn:ietf:params:scim:schemas:extension:enterprise:2.0:User remains selected
Save the changes and allow a few minutes for Microsoft Entra ID to apply them. With this configuration, users removed from Entra ID groups will be correctly set to Inactive in deskbird during the next provisioning cycle.
- Go to Enterprise Applications and select Users and Groups
- Click Add user/group
- Click None selected
- Search for and choose the group(s)/user(s) you wish to provision, then click Select
- Click Assign
Everything should be configured now!
3. Steps to provision the selected objects
- Go to your SCIM application and click Provisioning
- Go to Start provisioning
- The process will be kicked off in the background. Once completed, it should look like this:
💡 Note: After setting up SCIM, the first sync may take 1–2 hours. Please wait and check again later. After the initial setup, a sync will happen every 40 minutes.
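An added example, not part of the original article or of deskbird's or Microsoft's code: a Python audit that checks the outcome of the objectId to externalId mapping and of the group deactivation check described above. It assumes the user records are available as a standard SCIM 2.0 ListResponse (RFC 7644) and the in-scope Entra ID objectIds as a set; the sample data and the function name `audit_scim_users` are constructed for illustration.

```python
import json

# Constructed sample: SCIM 2.0 ListResponse (RFC 7644) holding the app's user records.
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 4,
    "Resources": [
        {"userName": "ana@example.com", "active": True,
         "externalId": "11111111-1111-4111-8111-000000000001"},
        {"userName": "ben@example.com", "active": True,
         "externalId": "11111111-1111-4111-8111-000000000002"},
        {"userName": "cho@example.com", "active": False,
         "externalId": "11111111-1111-4111-8111-000000000003"},
        {"userName": "dev@example.com", "active": True},
    ],
})

# Constructed sample: objectIds of users assigned to the Entra ID application,
# directly or through an assigned group.
IN_SCOPE_OBJECT_IDS = {
    "11111111-1111-4111-8111-000000000001",
    "11111111-1111-4111-8111-00000000000A",
}


def audit_scim_users(list_response_json, in_scope_object_ids):
    """Compare SCIM user records with the Entra ID provisioning scope."""
    resources = json.loads(list_response_json).get("Resources", [])
    in_scope = {oid.lower() for oid in in_scope_object_ids}  # GUIDs: ignore case
    findings = {"missing_external_id": [], "active_out_of_scope": []}
    seen = set()
    for user in resources:
        name = user.get("userName", "<no userName>")
        ext_id = (user.get("externalId") or "").lower()
        if not ext_id:
            # Cannot be matched to an Entra object: the objectId mapping was not
            # applied to this record, or the account was created outside SCIM.
            findings["missing_external_id"].append(name)
            continue
        seen.add(ext_id)
        # A missing "active" attribute is treated as active, so it gets reviewed.
        if user.get("active", True) and ext_id not in in_scope:
            # Out of scope yet not set to Inactive: deactivation was not applied.
            findings["active_out_of_scope"].append(name)
    # In scope in Entra ID but no record yet (for example, before the first sync).
    findings["not_provisioned"] = sorted(in_scope - seen)
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_scim_users(SAMPLE_LIST_RESPONSE, IN_SCOPE_OBJECT_IDS), indent=2))
```

Entries under `active_out_of_scope` are the accounts to review first, since they keep access after leaving the assigned users or groups.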