github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-09 15:38:03 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
51819e57d14b6696c0bb946dd532ada565c0c67d
infisical/docs/documentation/platform/scim/azure.mdx
Vladyslav Matsiiako f623c8159d documentation revamp
2024-03-31 23:37:57 -07:00

74 lines
3.5 KiB
Plaintext
Raw Blame History

---
title: "Azure SCIM"
description: "Learn how to configure SCIM provisioning with Azure for Infisical."
---
<Info>
Azure SCIM provisioning is a paid feature.
If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
then you should contact sales@infisical.com to purchase an enterprise license to use it.
</Info>
Prerequisites:
- [Configure Azure SAML for Infisical](/documentation/platform/sso/azure)
<Steps>
<Step title="Create a SCIM token in Infisical">
In Infisical, head to your Organization Settings > Authentication > SCIM Configuration and
press the **Enable SCIM provisioning** toggle to allow Azure to provision/deprovision users for your organization.
![SCIM enable provisioning](/images/platform/scim/scim-enable-provisioning.png)
Next, press **Manage SCIM Tokens** and then **Create** to generate a SCIM token for Azure.
![SCIM create token](/images/platform/scim/scim-create-token.png)
Next, copy the **SCIM URL** and **New SCIM Token** to use when configuring SCIM in Azure.
![SCIM copy token](/images/platform/scim/scim-copy-token.png)
</Step>
<Step title="Configure SCIM in Azure">
In Azure, head to your Enterprise Application > Provisioning > Overview and press **Get started**.
![SCIM Azure](/images/platform/scim/azure/scim-azure-get-started.png)
Next, set the following fields:
- Provisioning Mode: Select **Automatic**.
- Tenant URL: Input **SCIM URL** from Step 1.
- Secret Token: Input the **New SCIM Token** from Step 1.
Afterwards, press the **Test Connection** button to check that SCIM is configured properly.
![SCIM Azure](/images/platform/scim/azure/scim-azure-config.png)
After you hit **Save**, select **Provision Microsoft Entra ID Users** under the **Mappings** subsection.
![SCIM Azure](/images/platform/scim/azure/scim-azure-select-user-mappings.png)
Next, adjust the mappings so you have them configured as below:
![SCIM Azure](/images/platform/scim/azure/scim-azure-user-mappings.png)
Finally, head to your Enterprise Application > Provisioning and set the **Provisioning Status** to **On**.
![SCIM Azure](/images/platform/scim/azure/scim-azure-provisioning-status.png)
Alternatively, you can go to **Overview** and press **Start provisioning** to have Azure start provisioning/deprovisioning users to Infisical.
![SCIM Azure](/images/platform/scim/azure/scim-azure-start-provisioning.png)
Now Azure can provision/deprovision users to/from your organization in Infisical.
</Step>
</Steps>
**FAQ**
<AccordionGroup>
<Accordion title="Why do SCIM-provisioned users have to finish setting up their account?">
Infisical's SCIM implmentation accounts for retaining the end-to-end encrypted architecture of Infisical because we decouple the **authentication** and **decryption** steps in the platform.
For this reason, SCIM-provisioned users are initialized but must finish setting up their account when logging in the first time by creating a master encryption/decryption key. With this implementation, IdPs and SCIM providers cannot and will not have access to the decryption key needed to decrypt your secrets.
</Accordion>
</AccordionGroup>
Reference in New Issue View Git Blame Copy Permalink