This guide walks you through configuring SCIM provisioning for the Brellium application using Microsoft Entra ID (formerly Azure Active Directory). SCIM provisioning enables you to manage user lifecycle operations from Microsoft Entra ID.Documentation Index
Fetch the complete documentation index at: https://sso.brellium.dev/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
Before you configure SCIM provisioning, ensure you have:- Administrator access to your Microsoft Entra ID tenant
- A Brellium admin account with permissions to authorize integrations
- The Brellium application registered in your Microsoft Entra ID tenant
- SSO configured for Brellium (see the SSO Configuration for Microsoft Entra ID guide)
- SCIM Tenant URL and Secret Token from Brellium (contact your customer success manager or Brellium support)
Supported features
The Brellium SCIM integration supports the following provisioning features:| Feature | Direction | Description |
|---|---|---|
| Push new users | Entra ID to Brellium | Users assigned to the Brellium app in Entra ID are automatically created in Brellium |
| Push profile updates | Entra ID to Brellium | Profile changes made in Entra ID are synced to Brellium |
| Push user deactivation | Entra ID to Brellium | Users unassigned or disabled in Entra ID are deactivated in Brellium |
| Reactivate users | Entra ID to Brellium | Previously deactivated users are reactivated when reassigned in Entra ID |
Supported profile attributes
The following SCIM attributes are supported for user provisioning between Microsoft Entra ID and Brellium:Core attributes
| SCIM attribute | Description |
|---|---|
userName | User’s primary identifier (email address format) |
emails[primary eq true].value | Primary email address |
name.givenName | First name |
name.familyName | Last name |
active | Account activation status |
title | Job title |
userType | User type — determines the default permissions assigned when the user is created in Brellium. You must set this value correctly. Accepted values: employee, operations, manager (unless otherwise configured in coordination with Brellium). If you need a custom configuration, contact your customer success manager or Brellium support. |
timezone | User’s timezone |
externalId | External identifier |
Enterprise User extension attributes
The following attributes use theurn:ietf:params:scim:schemas:extension:enterprise:2.0:User schema namespace.
| Attribute | Description |
|---|---|
employeeNumber | Employee number |
department | Department |
division | Division |
organization | Organization |
manager | Manager |
Configuration steps
Verify the SSO application
Before creating the SCIM application, verify that the enterprise application you created for Single Sign-On is configured correctly.
- In the Microsoft Entra admin center, go to Identity > Applications > Enterprise applications.
- Select the application you created for Single Sign-On.
- Go to Manage > Properties.
- Confirm that Assignment required? is set to Yes.
Create a SCIM application
SCIM provisioning requires a separate non-gallery enterprise application in Microsoft Entra ID.
- Go back to Enterprise applications and click New application.
- Click Create your own application.
- Enter a name for the application (e.g.,
Brellium SCIM). - Select Integrate any other application you don’t find in the gallery (Non-gallery).
- Click Create.
Assign users and groups
Assign the same users and groups to the SCIM application as those assigned to the SSO application.
- In the newly created SCIM application, go to Users and groups under Manage.
- Click Add user/group.
- Select the users or groups to assign and click Assign.
Configure provisioning
- In the SCIM application, go to Provisioning under Manage.
- Set Provisioning Mode to Automatic.
- In the Admin Credentials section, enter the following:
- Tenant URL: Provided by Brellium
- Secret Token: Provided by Brellium
- Click Test Connection to verify the credentials.
- Click Save.
Configure attribute mappings
- In the Provisioning section, expand Mappings.
- Click Provision Microsoft Entra ID Users.
- Review the attribute mappings and ensure the following are configured:
userPrincipalName→userNamemail→emails[type eq "work"].valuegivenName→name.givenNamesurname→name.familyNamejobTitle→title
- Click Save.
Microsoft Entra ID provides default attribute mappings for standard SCIM attributes. Review the mappings to ensure they match your organization’s directory structure.
Configure scope and start provisioning
- In the Provisioning section, go to Settings.
- Set the Scope to one of the following:
- Sync only assigned users and groups — Only users and groups assigned to the Brellium SCIM app are provisioned.
- Sync all users and groups — All users in the directory are provisioned.
- Set Provisioning Status to On.
- Click Save.
Verify provisioning
- In the Provisioning section, check the Provisioning logs for the status of provisioned users.
- In Brellium, verify that the provisioned user accounts were created with the correct profile attributes.
- Update a test user’s profile in Microsoft Entra ID (for example, change the job title or department).
- Verify that the profile update is synced to Brellium.
- Unassign a test user from the Brellium app in Microsoft Entra ID.
- Verify that the user is deactivated in Brellium.
Troubleshoot
| Issue | Cause | Solution |
|---|---|---|
| ”Test Connection” fails | Incorrect Tenant URL or Secret Token | Verify the SCIM credentials provided by Brellium |
| Users not provisioned | Provisioning scope is misconfigured | Verify the scope setting and ensure users are assigned to the app |
| Attribute mapping errors | Incorrect attribute mappings | Review the mappings in the Provision Microsoft Entra ID Users section |
| Provisioning cycle stuck | Microsoft Entra ID provisioning service issue | Check the Provisioning logs for errors and restart provisioning if needed |
Support
If you have questions or encounter issues not covered in this guide, contact the Brellium support team:- Email: sso.support@brellium.com