SCIM
SCIM (System for Cross-domain Identity Management) is a standard for provisioning and deprovisioning users and groups in an organization.
Bytebase implements SCIM 2.0 and provides built-in support for Entra ID (Azure AD).
IdP | User | Group | Role | Interval |
---|---|---|---|---|
Entra ID (Azure AD) | Sync name and email | Sync group email and membership | ❌ | 40 minutes |
Prerequisites
- You must be the Workspace Admin to configure SCIM.
- Configure External URL.
Entra ID
Create enterprise application
Sign in to the Entra ID Admin Center Dashboard. Select Enterprise applications and click New application.
Select Create your own application. Give your application a descriptive name, select the Integrate any other application you don’t find in the gallery (Non-gallery) option, then click Create.
Create provision
Go to the application detail page. Select Provision User Accounts.
Click the Get Started button.
Change Provisioning Mode to Automatic.
Go to your Bytebase console and navigate to the Security & Policy -> Users & Groups page. Click Sync From Entra ID (Azure AD).
Copy the Endpoint and Secret Token.
Go back to the Entra console and paste the `Endpoint` and `Secret Token` copied above into `Tenant URL` and `Secret Token` respectively.
Click Test Connection and save upon success.
Edit attribute mapping
Continue the provisioning setup: click Mappings, then click Provision Microsoft Entra ID Groups.
Click the Edit button for the `displayName` row.
Change Match objects using this attribute to `No`.
Click the Edit button for the `externalId` row.
- Change Source attribute to `mail`.
- Change Match objects using this attribute to `Yes`.
- Set Matching precedence to `1`.
The final mappings look like this.
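As an added illustration of what the matching-attribute change above affects (this is not Bytebase or Entra code): a small evaluator for the single-clause SCIM filter `attr eq "value"`, run against constructed groups, showing that a `displayName` match can hit several groups while an `externalId` match sourced from `mail` resolves to one. The group records, the function names and the update/create/ambiguous outcomes are assumptions for illustration; the `caseExact` values follow RFC 7643.

```python
import re

# caseExact per RFC 7643: externalId is case-exact, Group displayName is not.
CASE_EXACT = {"externalId": True, "displayName": False}

# Constructed sample: groups as a SCIM server might hold them after a first sync.
GROUPS = [
    {"id": "g1", "displayName": "DBA", "externalId": "dba-eu@example.com"},
    {"id": "g2", "displayName": "DBA", "externalId": "dba-us@example.com"},
    {"id": "g3", "displayName": "Developers", "externalId": "dev@example.com"},
]

# Only `attr eq "value"` is accepted; the operator is case-insensitive.
_FILTER = re.compile(r'^\s*(\w+)\s+eq\s+"([^"]*)"\s*$', re.IGNORECASE)


def parse_eq_filter(expr):
    """Parse a single-clause equality filter and reject anything else."""
    m = _FILTER.match(expr)
    if not m:
        raise ValueError(f"unsupported SCIM filter: {expr!r}")
    attr, value = m.group(1), m.group(2)
    if attr not in CASE_EXACT:
        raise ValueError(f"attribute not allowed for matching: {attr!r}")
    return attr, value


def match_groups(expr, groups=GROUPS):
    """Return the ids of all groups satisfying the filter."""
    attr, wanted = parse_eq_filter(expr)
    norm = (lambda s: s) if CASE_EXACT[attr] else str.casefold
    return [g["id"] for g in groups if norm(g.get(attr, "")) == norm(wanted)]


def resolve(expr, groups=GROUPS):
    """Return 'update:<id>' or 'create'; raise if the match is ambiguous."""
    hits = match_groups(expr, groups)
    if len(hits) > 1:
        raise LookupError(f"ambiguous match for {expr!r}: {hits}")
    return f"update:{hits[0]}" if hits else "create"
```

Because `externalId` is case-exact in the RFC, a mail value whose casing differs from the stored one does not match under these semantics and would be treated as a new group.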
Assign users and groups
In order for your users and groups to be synced to Bytebase, you will need to assign them to your Entra SCIM application. Select Users and groups and click Add user/group.
Click None selected under the Users and Groups. Select the users and groups that you want to add to the SCIM application, and click Select and Assign.
Turn on provisioning
On the application overview page, click Start provisioning.
Afterwards, Entra will sync the users and groups to Bytebase periodically.