Skip to main content

Microsoft Entra ID Sync via SCIM

How to set up the Microsoft Entra ID / Active Directory integration to synchronize user information

🛠️ 1: Enable SCIM within the revel8 Platform

  1. In the revel8 platform, go to: Integrations → SCIM

  2. Enable SCIM by clicking Generate SCIM Config

  3. Copy the SCIM URL and Secret Token - you'll need these in Step 3

🏢 2: Create an enterprise application

  1. Open the Microsoft Entra Admin Center

  2. Go to Enterprise apps → click New application

  3. Select Create your own application → type in a suitable name e.g. revel8 → click create

⚙️ 3: Configure Application

  1. Go to the provisioning tab within the revel8 application

  2. Setup the provisioning with the following parameters:

    • Provisioning Mode: Automatic

    • Authentication Method: Bearer Authentication

    • Tenant URL: (paste the SCIM URL from Step 1)

    • Secret Token: (paste the token from Step 1)

🧩 4: Configure Attribute Mappings

Following microsoft SCIM attributes are needed to fully integrate with the revel8 platform:

  1. Users: Review and adjust the attribute mapping - please refer to the mapping overview here (especially the custom - yellow marked - entries to validate)

  2. Groups: [DisplayName, members]

  3. Make sure to Test your Connection.

💡 Which fields are available in revel8?

For a full overview of which revel8 fields are populated via SCIM, which SCIM attribute to use, and how each maps to a Microsoft Entra ID attribute, see the Attribute Mapping Reference at the bottom of this article.

👥 5: Assign groups

  1. Simply assign the required users or groups to the revel8 application

  2. As an alternative, also all groups in scope can be synced by checking the designated button under the provisioning setup

  3. Click Start provisioning

📌 Requirements and Limitations

  • The SCIM integration with revel8 is limited to data from Microsoft Entra ID. On-premise Active Directories are not supported

  • It only allows for the connection of a single Entra ID tenant. All user data must be managed within one Azure tenant, as connections to multiple tenants are not supported

  • Once a SCIM connection is established, administration of SCIM-synced users must be done through Entra ID. Updating or modifying these synced users via Excel or CSV import is no longer possible. However, distinct users not managed within the same Entra ID tenant can still be added via a CSV upload.

  • The system supports individual email addresses only. Group or shared email addresses are not supported

  • To provision Entra ID security groups, a "Premium P1" license or higher is required.

Final Checklist

  • SCIM configuration generated in revel8 (URL & Token saved)

  • Enterprise application created in Microsoft Entra

  • Provisioning mode set to Automatic

  • SCIM Tenant URL and Secret Token added in Microsoft Entra

  • Attribute mappings configured or confirmed

  • Test Connection successfully passed

  • Required groups assigned to the application

  • Provisioning started and users/groups visible in revel8

📋 6: Attribute Mapping Reference

The table below lists all available user fields in revel8, the SCIM attribute used to populate each field, and the corresponding Microsoft Entra ID attribute. Use this as a reference when reviewing or adjusting your attribute mappings in Step 4.

⚠️ Standard vs. custom attributes

Most fields below are pre-mapped by default when you create a new enterprise application in Entra. Fields marked Custom (yellow) are not pre-mapped - they require you to add a new attribute mapping manually in Entra, and potentially the revel8 team must enable them on your organisation for you if needed.

In any case, please review if the relevant information is actually stored in the expected Entra ID attribute, otherwise you need to adjust the mapping.

revel8 Field

SCIM Attribute

Microsoft Entra ID Attribute

Comment

First Name

name.givenName

givenName

Pre-mapped by default

Last Name

name.familyName

surname

Pre-mapped by default

E-Mail

emails[type eq "work"].value

mail

Pre-mapped by default

Job Title

title

jobTitle

Pre-mapped by default

Department

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department

department

Pre-mapped by default

Language

preferredLanguage

preferredLanguage

Pre-mapped by default

Country

addresses[type eq "work"].country

country

Pre-mapped by default.
Used to derive time zone for local business hours scheduling

Main Phone Number

phoneNumbers[type eq "work"].value

telephoneNumber

Pre-mapped by default

Mobile Phone Number

phoneNumbers[type eq "mobile"].value

mobile

Pre-mapped by default

Management (Manager)

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager

manager

Pre-mapped by default.
The referenced manager must also be provisioned in revel8, otherwise the field will not resolve.

Status

active

Switch([IsSoftDeleted],,"False","True","True","False")

Pre-mapped by default. Automatically derived from the Entra soft-delete state.

Microsoft ID

externalId

objectId

Custom. Needed for MSTeams Attacks.

Company

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter

extensionAttribute or custom directory attribute

Custom. Must be manually added as a new mapping in Entra. Map to whichever Entra attribute holds this value in your directory (e.g. extensionAttribute). Contact revel8 to enable

Company Code

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division

extensionAttribute or custom directory attribute

Custom. Must be manually added as a new mapping in Entra. Contact revel8 to enable

User Type

userType

employeeType or custom directory attribute

Custom. Must be manually added as a new mapping in Entra. Contact revel8 to enable

Salutation

N/A

N/A

Automatically generated by revel8. No mapping available.

Time Zone

N/A

N/A

Automatically derived from the Country field ensure Country is populated. No mapping available.

💡 Data quality tips

  • Ensure preferredLanguage and country are populated for all users in Entra, these directly affect which language simulations are sent in and when they are scheduled

  • The manager field only resolves if the referenced manager is also in scope of the SCIM sync and provisioned in revel8

  • Exclude test accounts, service accounts, and shared mailboxes from your SCIM scope to keep your employee data clean

  • For large or complex organisations, consider enabling 2–3 custom attributes (e.g. Company, Company Code, User Type)

Related Articles
Single Sign-On (SSO) with SAML via Microsoft Entra ID
Microsoft Entra ID - Enterprise Application Scoping Filter
Direct Message Ingestion (DMI) for Microsoft 365/Entra
Did this answer your question?