Contents
What is SCIM?
System for Cross-domain Identity Management (SCIM) is a standard protocol that automates the exchange of user identity information between systems, reducing manual work and security risks.
Use cases
The ActivTrak-Entra ID integration via SCIM API (Early Access) supports these admin capabilities:
-
User provisioning: Automatically creates ActivTrak user accounts when users are added in your identity provider
- Note: ActivTrak Agent install is required separately
-
User deprovisioning: Automatically removes user access when accounts are deactivated in your identity provider
- Note: ActivTrak Agent uninstall is required separately
- Group Management: Automatically adds and removes users to ActivTrak Groups based on group membership in your identity provider
Requirements
- ActivTrak SCIM API key via the ActivTrak App - Integrations page
- For User provisioning, you will not need a paid Entra ID subscription
- For Group provisioning, you will need a paid Entra ID license (P1, P2 or Suite). See Microsoft licensing requirements and pricing pages for details
Setup instructions
Generate ActivTrak SCIM API key
- Log in to the ActivTrak application
- Navigate to APIs & Integrations > Integrations
- Locate the Entra ID via SCIM card and click + Add Instance
- The Entra ID via SCIM drawer will open. Input an API Key Name. Copy and store the API Key. Then click Save.
Note: The key can only be copied at this time. If lost, it can be regenerated.
- Once the process is complete, the card will display the View Instance button
Register ActivTrak SCIM as an enterprise application
- Go to https://portal.azure.com/ and sign in
- Search for Entra ID from the portal homepage
- Select Enterprise applications from the side navigation
- Click New Application
- Select Create your own application
- Name it "ActivTrak SCIM" and select Integrate any other application
- Select 3. Provision User accounts
- Select Get started
- Set to Provisioning mode to Automatic
- Set the Tenant URL based on your ActivTrak instance location:
US instances: https://api.activtrak.com/scim/v1
EU instances: https://api-eu.activtrak.com/scim/v1
Other regions: Check our API documentation for your specific base URL
- Set the Secret Token to your ActivTrak integration key
- Configure appropriate settings
- Click Save
Configure user mappings
The default mappings should work without changes. To verify:
- In the mappings section, select Provision Microsoft Entra ID Users
- Review the mappings to ensure they're correct
- You will need to add the following custom attributes:
- Required: UserPrincipal Name
Type: String
urn:ietf:params:scim:schemas:extension:activtrak:2.0:User.userPrincipalNames[value eq null].value- Optional: Tracking
Type: Boolean
Note: Map it to your preferred Microsoft Entra ID Attribute (the expected value is true or false)
urn:ietf:params:scim:schemas:extension:activtrak:2.0:User.tracking- Optional: Employeeid
Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber
Configure group mappings
The default mappings should work without changes. To verify:
- In the mappings section, select Provision Microsoft Entra ID Groups
- Review the mappings to ensure they're correct. Verify that externalID is not included in the mapping
- Click the "Edit attribute list" link within Advanced Options as shown below
- For the Referenced Object Attribute for Members, uncheck "Group" so that only the User object remains, as shown below
Disable the Visible to users option
- In the "ActivTrak SCIM" application, under Manage, select Users and Groups
- If the "visible to users" message appears, click on it
- Select No to Visible to users
- Click Save
Set up Users and Groups for provisioning
- In the "ActivTrak SCIM" application, under Manage, select Users and Groups
- Click Add user/group
- Select Users and Groups
- Select the users and groups to be provisioned
Your ActivTrak SCIM integration is now set up! Users and groups will be automatically provisioned according to your settings.