Skip to main content

How to Enable SCIM 2.0 Provisioning with Microsoft Entra ID

Enable automatic user syncing between Microsoft Entra ID and AutoRFP

Saul Bard avatar
Written by Saul Bard
Updated this week

Article Summary

SCIM (System for Cross-domain Identity Management) provisioning enables automatic user creation, updates, and deactivation between Microsoft Entra ID and AutoRFP. Once configured, changes you make to users in Entra ID automatically sync to AutoRFP without manual intervention.

Estimated Time

20-30 minutes

Prerequisites

Before you begin, ensure you have:

  • Generated SCIM OAuth credentials in AutoRFP (Client ID and Client Secret) (Refer to this guide: How to Activate SCIM in AutoRFP)

  • Admin access to your Microsoft Entra ID tenant

  • Your AutoRFP region URL (app.autorfp.ai, eu.autorfp.ai, or us.autorfp.ai)

Supported SCIM Actions

AutoRFP supports syncing the following user attributes from Entra ID:

  • First Name

  • Last Name

  • Username (Email)

  • Job Title

  • Active Status (user activation/deactivation)

Step-by-Step Instructions

Part 1: Create Enterprise Application

Step 1: Navigate to Enterprise Applications

  1. In the Microsoft Entra admin center, type "Enterprise Applications" into the search bar

  2. Click Enterprise Applications from the results

Step 2: Create New Application

  1. Click New application

  2. Click Create your own application

  3. Enter a descriptive application name (e.g., "AutoRFP SCIM Provisioning")

  4. Select Integrate any other application you don't find in the gallery (Non-gallery)

  5. Click Create

Wait for the application to be created. This may take a few moments.

Part 2: Connect SCIM to AutoRFP

Step 1: Open Provisioning Settings

  1. On your new application's overview page, click Provisioning in the left menu

  2. Verify you're on the Overview page

Step 2: Configure SCIM Connection

  1. Click Connect your application

  2. Set Authentication method to "OAuth2 client credentials grant"

  3. Enter your Tenant URL based on your AutoRFP region:

    • app.autorfp.aihttps://api.autorfp.ai/scim/v2

    • eu.autorfp.aihttps://api.eu.autorfp.ai/scim/v2

    • us.autorfp.aihttps://api.us.autorfp.ai/scim/v2

  4. Enter your Token Endpoint based on your AutoRFP region:

    • app.autorfp.aihttps://api.autorfp.ai/oauth/token

    • eu.autorfp.aihttps://api.eu.autorfp.ai/oauth/token

    • us.autorfp.aihttps://api.us.autorfp.ai/oauth/token

  5. Paste your Client ID (generated in AutoRFP)

  6. Paste your Client Secret (generated in AutoRFP)

Step 3: Test and Create Connection

  1. Click Test Connection

  2. Verify you see a success notification

  3. Click Create to save the connection

If the test fails, double-check your credentials and URLs match your AutoRFP region.

Part 3: Configure Attribute Mappings

AutoRFP only supports updating specific user fields via SCIM. You'll need to configure how Entra ID attributes map to AutoRFP.

Step 1: Open User Mappings

  1. Click Attribute Mapping in the left menu

  2. Click Provision Microsoft Entra ID Users to view attribute mappings

Step 2: Update Email Attribute Mapping

  1. Locate the attribute mapping emails[type eq "work"].value

  2. Click the Edit icon for this mapping

  3. Change the Source attribute from mail to userPrincipalName

  4. Click OK

  5. Click Save at the top of the page

‼️ Important: This ensures user email addresses sync correctly to AutoRFP as usernames.

Part 4: Assign Users and Start Provisioning

Step 1: Assign Users to Application

  1. Click Users and groups in the left menu

  2. Click Add user/group

  3. Under Users, click None Selected

  4. Select the users you want to provision to AutoRFP

  5. Click Select

  6. Click Assign

Step 2: Start Provisioning

  1. Navigate back to the ProvisioningOverview page

  2. Click Start provisioning

Entra ID will now begin syncing assigned users to AutoRFP. Initial sync may take 20-40 minutes depending on the number of users.

💡 Tips & Best Practices

  • Verify your AutoRFP region URL before entering tenant and token endpoints

  • Test the connection before proceeding to attribute mapping

  • Document your region-specific URLs for future reference

  • Allow 20-40 minutes for initial provisioning cycle to complete

✋🏼 Common Mistakes to Avoid

  • Using the wrong regional URL (app vs. eu vs. us)

  • Entering incorrect Client ID or Client Secret

  • Not changing the email attribute mapping from mail to userPrincipalName

  • Forgetting to assign users to the application before starting provisioning

  • Starting provisioning with all users instead of a pilot group first

  • Not allowing enough time for initial provisioning cycle to complete

Need Help?

💬 Live Chat: Available in-app

📧 Email: [email protected] or contact your Success Manager directly for urgent support.

📚 Learning Centre: learn.autorfp.ai/en

Related Articles
How to Integrate with Salesforce
How to Activate SCIM in AutoRFP
How to Enable SCIM 2.O Provisioning with Okta
Did this answer your question?