SCIM

This feature is available in the Enterprise Plan.

SCIM (System for Cross-domain Identity Management) is a standard for provisioning and deprovisioning users and groups in an organization.

Bytebase implements SCIM 2.0 and provides built-in support for Entra ID (Azure AD).

IdP | User | Group | Role | Interval
Entra ID (Azure AD) | Sync name and email | Sync group email and membership | | 40 minutes

Prerequisites

  • You must be the Workspace Admin to configure SCIM.
  • Configure External URL.

Entra ID

Create enterprise application

Sign in to the Entra ID Admin Center Dashboard. Select Enterprise applications and click New application.

Select Create your own application. Give your application a descriptive name, select the Integrate any other application you don’t find in the gallery (Non-gallery) option, then click Create.

Create provision

Go to the application detail page. Select Provision User Accounts.

Click the Get Started button.

Change Provisioning Mode to Automatic.

Go to your Bytebase console and navigate to the Security & Policy -> Users & Groups page. Click Sync From Entra ID (Azure AD).

Copy the Endpoint and Secret Token.

The Bytebase endpoint implements the SCIM protocol. Make sure you have configured the External URL and that it is reachable over the network from Entra.

Go back to the Entra console and paste the Endpoint and Secret Token from above into Tenant URL and Secret Token respectively. Click Test Connection and save upon success.

Edit attribute mapping

Continue with the provisioning setup: click Mappings, then click Provision Microsoft Entra ID Groups.

Bytebase relies on email to uniquely identify a user. You therefore need to disable the displayName mapping, enable only the id mapping, and use mail as the source attribute.

Click the Edit button for the displayName row.

Change Match objects using this attribute to No.

Click the Edit button for the externalId row.

  • Change Source attribute to mail.
  • Change Match objects using this attribute to Yes.
  • Set Matching precedence to 1.

The final mappings look like this.

[Screenshot: final attribute mappings]
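
Why matching on the mail-backed externalId is safer than matching on displayName, shown as an added example (not Bytebase or Microsoft code): it builds the SCIM 2.0 Group resource that the mapping above produces and the filter lookup a SCIM client uses to find an existing object. The sample groups are constructed, and the exact request Entra sends is an assumption based on the RFC 7644 filter syntax.

```python
from collections import Counter
from urllib.parse import quote

GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"

# Constructed sample directory groups (not real data); two share a display name.
SAMPLE_GROUPS = [
    {"displayName": "DBA", "mail": "dba-emea@example.com"},
    {"displayName": "DBA", "mail": "dba-apac@example.com"},
    {"displayName": "Developers", "mail": "dev@example.com"},
]


def to_scim_group(group):
    """Build a SCIM 2.0 Group resource with externalId sourced from mail."""
    if not group.get("mail"):
        # Without mail there is nothing to match on once displayName is disabled.
        raise ValueError(f"group {group['displayName']!r} has no mail attribute")
    return {
        "schemas": [GROUP_SCHEMA],
        "externalId": group["mail"],
        "displayName": group["displayName"],
    }


def match_query(resource, attribute):
    """Return the filter request (assumed shape) that looks up an existing group."""
    # Filter values are JSON strings, so backslashes and quotes are escaped.
    value = resource[attribute].replace("\\", "\\\\").replace('"', '\\"')
    return "/Groups?filter=" + quote(f'{attribute} eq "{value}"')


def ambiguous_values(resources, attribute):
    """Values of the matching attribute that would select more than one group."""
    counts = Counter(r[attribute] for r in resources)
    return sorted(value for value, n in counts.items() if n > 1)


if __name__ == "__main__":
    resources = [to_scim_group(g) for g in SAMPLE_GROUPS]
    for attribute in ("displayName", "externalId"):
        print(attribute, "ambiguous:", ambiguous_values(resources, attribute))
    for resource in resources:
        print(match_query(resource, "externalId"))
```

A group without a mail value cannot be matched under this mapping, so check for such groups before assigning them to the application.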

Assign users and groups

In order for your users and groups to be synced to Bytebase, you will need to assign them to your Entra SCIM application. Select Users and groups and click Add user/group.

Click None selected under the Users and Groups. Select the users and groups that you want to add to the SCIM application, and click Select and Assign.

Turn on provisioning

On the application overview page, click Start provisioning.

Afterwards, Entra will sync the users and groups to Bytebase periodically.
