Entra ID

To set up SCIM in Entra ID for BirdCRM, you first need to establish the SCIM connection and settings. After that, you’ll configure Push Groups to link BirdCRM Groups with that assigned role(s) roles for user provisioning.

This section is divided into four parts:

BirdCRM Steps for SCIM Configuration

Navigate to the SCIM Settings page which is available or go by visiting Settings > Security > SCIM Settings.

Copy the SCIM Base URL by clicking “Copy” next to it. You’ll need this URL for the Entra ID setup in the next section.
Click on Add new access key and fill out a meaningful Name and Description and click Save.

Once your Access Key appears, copy it and save it securely. You won’t be able to view it again, and you’ll need it to configure Entra ID later.

Entra ID configuration

From the Overview page of your BirdCRM Enterprise Application, click on 3. Provision User Accounts followed by Get Started.

Change the Provisioning Mode to Automatic and copy the SCIM Base URL from Step 2 and paste into the Tenant URL.
Copy the Access Key you created in the previous section into the Secret Token. Click on Test Connection to make sure the setup works. If the data entered is correct you will receive a success message and be able to click Save.

Once the settings have saved you will be able to expand the Mappings section. Click on Provision Microsoft Entra ID Users.

Scroll to the Attribute Mappings and remove all attributes except for userName, active, and displayName as shown in the screenshot below:

Click on Save and return to your Enterprise Application. You can now turn Provisioning Status to On and assign users and groups to the application which will be created in your BirdCRM organization.

At this stage SCIM is technically set up and users can be assigned the application via an Individual or Group assignment and will be created in your organization. They will not be assigned with a role though and would need one manually applied to be able to login. In order to automatically assign a role or roles to your users you can setup Push Groups and Groups in BirdCRM.

Group-based Role Assignment

Group-based Role Assignments offer flexibility in managing users’ access to BirdCRM. You can scope roles to one or more workspaces and create granular access which is automatically managed via Entra ID.

In order to set up Group-based Role Assignment, you first need to push any groups to BirdCRM Groups and then assign the roles you would like per Group. Once you have the roles setup any users you add to the synced Entra ID groups will automatically receive the roles defined on the BirdCRM Groups.

Entra ID Steps

First, verify that you have the Provision Microsoft Entra ID Groups enabled under Mappings.

Any groups that are assigned access to the application in Entra ID will have a synced BirdCRM Group created. As an example below, the BirdCRM Marketing Team group in Entra ID is assigned to the BirdCRM Enterprise Application with SCIM enabled.

A group with the same name is created in BirdCRM

You can assign multiple groups to the application in Entra ID depending on your access control needs.

BirdCRM Final step

Click on the Group you would like to assign a role or multiple roles to and click View group.

Here you will see the Group overview including roles and group members. In order to add a role to the Group, click on Add new role, select a Role from the available choices and optionally select one or more Workspaces to restrict the role access to.

You can add multiple roles to the Group by continuing to click Add new role and selecting a Role and optionally one or more Workspaces to restrict the access to.
Click on Update and the roles will then be assigned to any Users of the Group.

Any new users that are added to the linked Entra ID group will then get added to the BirdCRM Group and receive the associated roles.

Last updated 7 months ago

Was this helpful?