Entra ID SSO Custom Attributes to Smallstep

Guide to setting up SCIM sync with Entra ID user and group IDs

Part 1:

Create a Custom User Attribute

  1. Sign in to the Azure portal as an Azure AD administrator.

  2. Under Azure services, select Azure Active Directory.

  3. In the left menu, select External Identities.

  4. Note: There may be an additional step to enable a feature flag and allow this.

  5. Select Custom user attributes.

  6. To add an attribute, select Add.

  7. Fill in the add attribute information page and create.

Part 2:

Add the custom attribute to users using Microsoft Graph Explorer:

  1. Visit: https://developer.microsoft.com/en-us/graph/graph-explorer

  2. You may need to grant permissions on behalf of your organization.

    1. Select your user profile on the top right → Consent to Permissions.

      1. Note that the app doesn't give you hints on what permissions you need.

  3. Create a PATCH user request for the extension attributes using the convention extension_<extensions-app-id>_attributename.

    • The <extensions-app-id> is specific to your tenant. To find this identifier, navigate to Azure Active Directory > App registrations > All applications. Search for the app that starts with "aad-extensions-app" and select it. On the app's Overview page, note the Application (client) ID.
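As an added example (not part of the original guide, and not Smallstep's or Microsoft's code), the Python below builds the attribute key and the PATCH request body described in the step above, and reads the attribute back out of a user object so you can confirm the value landed before wiring it into the provisioning mapping. The extensions app ID, attribute name and user principal name are constructed placeholders; the hyphen-stripping of the application (client) ID follows Microsoft Graph's naming of directory extension properties.

```python
import json
import re
import uuid

# Constructed placeholder values for this example; substitute your tenant's own.
EXTENSIONS_APP_ID = "12345678-abcd-4ef0-9876-0123456789ab"  # Application (client) ID of aad-extensions-app
ATTRIBUTE_NAME = "smallstepUserId"                            # custom attribute created in Part 1
GRAPH_BASE = "https://graph.microsoft.com/v1.0"

# Extension attribute names must be alphanumeric and start with a letter.
_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")


def extension_attribute_name(app_id: str, attribute_name: str) -> str:
    """Build the extension_<extensions-app-id>_attributename key Graph expects.

    Graph stores directory extension properties under the application ID with its
    hyphens removed, so the GUID is validated and normalised here rather than
    pasted by hand (a mistyped ID silently creates a property nobody reads).
    """
    try:
        parsed = uuid.UUID(app_id)
    except ValueError as exc:
        raise ValueError(f"extensions app id is not a GUID: {app_id!r}") from exc
    if not _NAME_RE.match(attribute_name):
        raise ValueError(f"invalid attribute name: {attribute_name!r}")
    return f"extension_{parsed.hex}_{attribute_name}"


def build_patch_request(user_principal_name: str, app_id: str,
                        attribute_name: str, value: str) -> dict:
    """Return the PATCH request (method, URL, headers, JSON body) to paste into Graph Explorer."""
    key = extension_attribute_name(app_id, attribute_name)
    return {
        "method": "PATCH",
        "url": f"{GRAPH_BASE}/users/{user_principal_name}",
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({key: value}),
    }


def select_query(user_principal_name: str, app_id: str, attribute_name: str) -> str:
    """URL for a GET that returns only the custom attribute, for verifying the PATCH took effect."""
    key = extension_attribute_name(app_id, attribute_name)
    return f"{GRAPH_BASE}/users/{user_principal_name}?$select=id,userPrincipalName,{key}"


def read_extension_attribute(user_json: str, app_id: str, attribute_name: str):
    """Extract the custom attribute from a Graph user response body; None if it was never set."""
    key = extension_attribute_name(app_id, attribute_name)
    return json.loads(user_json).get(key)


if __name__ == "__main__":
    upn = "alice@contoso.example"  # constructed placeholder user
    req = build_patch_request(upn, EXTENSIONS_APP_ID, ATTRIBUTE_NAME, "usr-0001")
    print(req["method"], req["url"])
    print(req["body"])
    print(select_query(upn, EXTENSIONS_APP_ID, ATTRIBUTE_NAME))

    # Constructed sample of what the follow-up GET would return.
    sample_response = json.dumps({
        "id": "00000000-0000-0000-0000-000000000001",
        "userPrincipalName": upn,
        "extension_12345678abcd4ef098760123456789ab_smallstepUserId": "usr-0001",
    })
    print(read_extension_attribute(sample_response, EXTENSIONS_APP_ID, ATTRIBUTE_NAME))
```

Paste the printed method, URL and body into Graph Explorer for the PATCH, then run the printed `$select` GET; a `None` from `read_extension_attribute` on the response means the key name did not match what the tenant stored, which is the usual cause of an empty value turning up later in the provisioning mapping.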

Part 3:

Add the custom attribute to the Smallstep Provisioning App 

  1. Sign in to the Azure portal, select Enterprise Applications, select your application, and then select Provisioning.

  2. Under Mappings, select the object (user or group) for which you'd like to add a custom attribute.

  3. At the bottom of the page, select Show Advanced Options.

  4. Select Edit attribute list for AppName.

  5. At the bottom of the attribute list, enter information about the custom attribute in the fields provided. Then select Add Attribute.

Additional Documentation:

This Microsoft documentation helps: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#editing-the-list-of-supported-attributes

Opening the portal with the following query parameter forces the schema editor to be enabled: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true