How to configure SCIM with Azure AD

Enable Azure AD SAML for Single Sign-On in Zeeg with our easy guide on setting up SSO using Microsoft Entra ID for enhanced user access and security.

Zeeg facilitates seamless SCIM provisioning with Azure Active Directory, enabling user creation, updates to user details like names and emails, deactivation, and deletion. These modifications are automatically reflected in Zeeg.

SSO and SCIM can be offered with an Enterprise account. Please contact us to learn more about it.

Requirements

  1. You must be either an owner or an admin of your organization.

  2. Ensure SAML single sign-on (SSO) setup is complete before initiating SCIM configuration.

During the configuration process, it is recommended to have Zeeg and Azure platforms accessible concurrently in different browser windows for ease of operation.

When SCIM is enabled, you can add or delete your Zeeg organization users only through Azure AD, and no longer through Zeeg.

1. Enable SCIM for your organization in Zeeg

  1. From your Zeeg dashboard, select Your Organization.

  2. Go to the SCIM tab. (This tab is only shown when you have enabled SSO)

  3. Click on Enable SCIM; Zeeg will then generate and show a SCIM Secret Token which will be used in the next steps.

2. Set up SCIM provisioning in Azure AD

  1. Open your Azure portal in a separate tab and browse to Enterprise Applications > All applications.

  2. Find the application you created for Zeeg and click on it.

  3. From the left sidebar, go to Provisioning and then select Get Started.

  4. For Provisioning Mode, select Automatic.

  5. Open the Admin Credentials section in Azure:

    1. Copy the Base URL from your Zeeg SCIM dashboard and paste it into the Tenant URL field.

    2. Copy the SCIM Secret Token from your Zeeg SCIM dashboard and paste it into the Secret Token field.

    3. Click on Test Connection. You should get a success message from Azure.

  6. Open the Mappings section in Azure:

    1. Zeeg currently does not support Group provisioning; therefore, click on Provision Azure Active Directory Groups. Toggle Enabled to No. Then Save and click on X to return to the main Mappings view.

    2. Click on Provision Azure Active Directory Users. Under Target Object Actions, select Create, Update and Delete.

    3. Under Attribute Mappings, keep the following Azure attributes and delete everything else:

      1. userPrincipalName

      2. Switch([IsSoftDeleted], , "False", "True", "True", "False")

      3. displayName

      4. surname

      5. country

      6. mailNickname

    4. Under Attribute Mappings, click on each of the following Azure attributes and change the Source attribute accordingly:

      1. mail: change to mail

      2. mailNickname: change to userPrincipalName

    5. The end result of Attribute Mappings should look like below:

    6. Click on Save, then Yes. Finally click on the X at the top right to return to the main Provisioning page.

  7. Open the Settings section in Azure.

    1. If you want to be notified of synchronization issues, select "Send an email notification when a failure occurs" and enter an email address.

    2. For Scope, select Sync only assigned users and groups.

    3. Finally, toggle Provisioning Status to On, and then click on Save.

Note that the provisioning sync runs every 40 minutes.
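
The following Python example is added here and is not Zeeg's or Microsoft's code. It evaluates the attribute mappings from step 6 for two constructed directory users and shows how the Switch expression turns IsSoftDeleted into the active flag that deactivates an account. The target attribute names are assumptions (Azure's defaults for a custom SCIM application), since this page does not list the targets Zeeg uses.

```python
# Added example: evaluates the step 6 attribute mappings for constructed users.

def switch(source, default, *pairs):
    """Azure's Switch(source, default, key1, value1, ...): return the value
    paired with the key that equals source, otherwise the default."""
    if len(pairs) % 2:
        raise ValueError("Switch needs key/value pairs")
    return dict(zip(pairs[0::2], pairs[1::2])).get(source, default)

# (target, rule) rows. Source attributes come from the page; target names are
# ASSUMED (Azure's defaults for a custom SCIM app), the page does not list them.
MAPPINGS = [
    ("userName", lambda u: u.get("userPrincipalName")),
    # Empty default, as in the page's expression: unknown input sends nothing.
    ("active", lambda u: switch(str(u.get("IsSoftDeleted")), None,
                                "False", "True", "True", "False")),
    ("displayName", lambda u: u.get("displayName")),
    ("name.familyName", lambda u: u.get("surname")),
    ('addresses[type eq "work"].country', lambda u: u.get("country")),
    # Step 4: the mailNickname row now reads userPrincipalName.
    ("externalId", lambda u: u.get("userPrincipalName")),
    ('emails[type eq "work"].value', lambda u: u.get("mail")),
]

def provisioned_attributes(user):
    """Target attributes sent for one directory user; empty values are omitted."""
    out = {}
    for target, rule in MAPPINGS:
        value = rule(user)
        if value not in (None, ""):
            out[target] = value
    return out

def to_deactivate(users):
    """userNames whose mapped active flag is "False" (soft-deleted in Azure)."""
    mapped = [provisioned_attributes(u) for u in users]
    return [m["userName"] for m in mapped if m.get("active") == "False"]

# Constructed sample directory records, not real accounts.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com", "IsSoftDeleted": False,
     "displayName": "Alice Doe", "surname": "Doe", "country": "DE",
     "mail": "alice@example.com"},
    {"userPrincipalName": "bob@example.com", "IsSoftDeleted": True,
     "displayName": "Bob Roe", "surname": "Roe", "country": "",
     "mail": "bob@example.com"},
]

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(provisioned_attributes(user))
    print("deactivate:", to_deactivate(SAMPLE_USERS))
```
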

3. Assign users to the Zeeg Enterprise Application in Azure

  1. From Enterprise Applications in Azure, select the application you created for SSO with Zeeg.

  2. Under Getting Started, click on 1. Assign users and groups.

  3. Click on + Add user/group.

  4. Under Users, if you haven't already assigned any users, you will see None selected; click on that.

  5. In the opened box, search and select your users, and then click on Select; the box will close.

  6. Click on Assign.
