![OmniByte - PNG Black Logo Oct 2021 (1).png]](https://help.omnibyte.com/hs-fs/hubfs/OmniByte%20-%20PNG%20Black%20Logo%20Oct%202021%20(1).png?height=50&name=OmniByte%20-%20PNG%20Black%20Logo%20Oct%202021%20(1).png)
Integrating to Entra SCIM
How to integrate to Entra SCIM
Managing user information across multiple apps and users can quickly become complex. Microsoft Entra provides a SCIM (System for Cross-Domain Identity Management) interface that enables third-party applications to provision and manage user accounts and permissions directly through Entra. This integration allows administrators to centrally manage access and authorization across the organization from a single platform. We recommend coordinating with your IT department when setting up SCIM.
Note: FormsPro refers to both FormsPro and Advanced Forms.
By implementing SCIM integration with Microsoft Entra, administrators can provision, update, and deprovision users, as well as manage permissions, without accessing the FormsPro admin site. This streamlines identity management, reduces administrative overhead, and ensures consistent access control across systems. Users can get the necessary information to integrate with Entra (in the provisioning section of the enterprise application they have created), as well as map groups to sets of permissions within FormsPro.
Because FormsPro is not a multi-tenant application, each customer environment must configure its own Enterprise application within its identity provider, such as Microsoft Entra ID. This means the application registration and associated permissions cannot be shared across multiple organizations or tenants. Instead, every customer instance must create and manage a separate Enterprise Application to handle authentication, authorization, and integration settings for that specific environment. This ensures that access control, security policies, and service integrations remain isolated and properly managed within each organization’s tenant.
Once your Enterprise application is set up, you can assign users and groups to the application via the Users and Groups blade in Azure. In the SCIM application, these two entities are synced. Individual roles and admin permissions cannot be defined in Entra so a setup to map a group from Entra to a set of permissions is provided.
Entra requires a secret token to authenticate provisioning requests made to FormsPro. This token is generated within FormsPro and must be securely entered in the Provisioning configuration of your Entra Enterprise Application. It ensures that all SCIM requests sent from Entra are authorized and trusted.
The Groups page displays all groups that have been provisioned from Entra to FormsPro. Only groups that have been successfully synced through SCIM provisioning will appear here. These groups can then be mapped to permission sets within FormsPro to manage user access and roles.
The SCIM log can be used for diagnosing and resolving synchronization issues. By reviewing the SCIM Log, administrators can identify failed requests, troubleshoot configuration problems, and verify that users and groups are syncing correctly between Entra and FormsPro.