Entra ID
Last updated
Last updated
To set up SCIM in Entra ID for BirdCRM, you need to configure both the SCIM connection and settings. To provision users with roles, you must configure Push Groups to BirdCRM Groups that have role(s) assigned to them.
This section is divided into three parts:
Navigate to the SCIM Settings page which is available here or by visiting Settings and clicking on the Security tab and then SCIM Settings.
Click on Copy next to the SCIM base URL and take a copy of the Base URL as you will need it to configure Entra ID in the next section.
Click on Add new access key and fill out a meaningful Name and Description and click Save.
You will then be presented with your Access Key.
Make sure you take a copy and save it securely as you will not be able to view it again and you will need it to configure Entra ID in the next section.
An Enterprise Application is required in Entra ID to enable SCIM provisioning of users. Please see of the docs on how to set one up as these instructions assume it has already been created.
From the Overview page of your BirdCRM Enterprise Application, click on 3. Provision User Accounts followed by Get Started.
Change the Provisioning Mode to Automatic and copy the SCIM Base URL from Step 2. In the previous section into the Tenant URL. Copy the Access Key you created in the previous section into the Secret Token. Click on Test Connection to make sure the setup works. If the data entered is correct you will receive a success message and be able to click Save.
Once the settings have saved you will be able to expand the Mappings section. Click on Provision Microsoft Entra ID Users.
Scroll to the Attribute Mappings and remove all attributes except for userName, active, and displayName as shown in the screenshot below:
Click on Save and return to your Enterprise Application. You can now turn Provisioning Status to On and assign users and groups to the application which will be created in your BirdCRM organization.
At this stage SCIM is technically set up and users can be assigned the application via an Individual or Group assignment and will be created in your organization. They will not be assigned with a role though and would need one manually applied to be able to login. In order to automatically assign a role or roles to your users you can setup Push Groups and Groups in BirdCRM.
Group-based Role Assignments offer flexibility in managing users’ access to BirdCRM. You can scope roles to one or more workspaces and create granular access which is automatically managed via Entra ID.
In order to set up Group-based Role Assignment, you first need to push any groups to BirdCRM Groups and then assign the roles you would like per Group. Once you have the roles setup any users you add to the synced Entra ID groups will automatically receive the roles defined on the BirdCRM Groups.
First, verify that you have the Provision Microsoft Entra ID Groups enabled under Mappings.
Any groups that are assigned access to the application in Entra ID will have a synced BirdCRM Group created. As an example below, the BirdCRM Marketing Team group in Entra ID is assigned to the BirdCRM Enterprise Application with SCIM enabled.
A group with the same name is created in BirdCRM
You can assign multiple groups to the application in Entra ID depending on your access control needs.
Navigate to the Groups section of the Organization tab in Settings which is available here.
Click on the Group you would like to assign a role or multiple roles to and click View group.
Here you will see the Group overview including roles and group members. In order to add a role to the Group, click on Add new role, select a Role from the available choices and optionally select one or more Workspaces to restrict the role access to.
You can add multiple roles to the Group by continuing to click Add new role and selecting a Role and optionally one or more Workspaces to restrict the access to.
Click on Update and the roles will then be assigned to any Users of the Group.
Any new users that are added to the linked Entra ID group will then get added to the BirdCRM Group and receive the associated roles.