
Auto-provisioning Omni users with Microsoft Entra SCIM

When SCIM (System for Cross-domain Identity Management) is enabled, you can automatically provision Omni accounts for your users and synchronize Omni user groups with groups in Microsoft Entra (formerly Active Directory / Azure AD).

Info: Omni users created via SCIM will have Organization Member permissions. Organization Admins must be created in Settings > Users or have their permissions manually upgraded.

Requirements

To follow the steps in this guide, you'll need:

  • Microsoft Entra SAML authentication already set up. If it isn't, refer to the Microsoft Entra SAML authentication setup guide before proceeding.
  • Omni Organization Admin permissions
  • Permissions in Microsoft Entra that allow you to:
    • Access the Entra admin panel
    • Modify Entra applications

1. Create an Omni API key

Info: Reach out to Omni support to have API keys enabled for your organization.

  1. Follow these steps to create a new API key named Entra SCIM.
  2. Copy the key somewhere handy - you'll need it to complete the setup.

2. Configure the Omni Entra application

This guide assumes that you have an existing Omni application in Microsoft Entra. Refer to the SAML setup guide if you have not yet created an Omni application.

  1. Log in to the Microsoft Entra admin panel.
  2. Navigate to Applications > Enterprise Applications.
  3. Locate and open the Omni application.
  4. In the Omni application, navigate to Manage > Provisioning.
  5. For the provisioning mode, select Automatic Provisioning Mode.
  6. Configure the Admin credentials section as follows:
    • Tenant URL - Enter the URL you use to log into Omni, appended with /api/scim/v2. For example, if your Omni login URL is https://blobsrus.omniapp.co, you would enter https://blobsrus.omniapp.co/api/scim/v2.
    • Secret Token - Paste the Omni API key you created in step 1
  7. Click Test connection and proceed if successful.

3. Configure mappings

In this step, you'll configure the user and user group mappings to provision in Omni.

  1. In the Mappings section, click the type of object you want to map - users or user groups.
  2. Remove all default attribute mappings except the following:
    • For users - Remove all mappings except userName, active, and displayName
    • For user groups - Remove all mappings except displayName and members
  3. Click Save.
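
The check below is an added example, not part of Omni's or Microsoft's documentation: it flags attributes in a SCIM request body that fall outside the mappings kept in step 3, covering both full resource bodies and PatchOp updates. The sample bodies are constructed, and how you obtain request bodies from a test provisioning run is an assumption.

```python
import re

# Mappings kept in step 3, plus "schemas", which RFC 7643 requires on every
# resource. SCIM attribute names are case-insensitive, so compare lower-cased.
ALLOWED = {
    "User": {"schemas", "username", "active", "displayname"},
    "Group": {"schemas", "displayname", "members"},
}
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def top_level(path):
    """Reduce a SCIM path such as 'emails[type eq "work"].value' to 'emails'."""
    if path.lower().startswith("urn:"):
        return path  # schema-extension attribute, never in the allow-list
    return re.split(r"[.\[]", path, maxsplit=1)[0]


def unexpected_attributes(resource_type, body):
    """Return sorted attribute names in a request body that step 3 removed."""
    if PATCH_OP in body.get("schemas", []):
        seen = set()
        for op in body.get("Operations", []):
            if "path" in op:
                seen.add(top_level(op["path"]))
            elif isinstance(op.get("value"), dict):
                # Path-less operation: the value object names the attributes.
                seen.update(top_level(key) for key in op["value"])
    else:
        seen = set(body)  # POST/PUT body: top-level keys are the attributes
    allowed = ALLOWED[resource_type]
    return sorted(name for name in seen if name.lower() not in allowed)

# Constructed sample bodies, not captured from a real tenant.
CREATE_WITH_DEFAULTS = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "blob@blobsrus.example",
    "active": True,
    "displayName": "Blob Ross",
    "externalId": "blob",
    "name": {"givenName": "Blob", "familyName": "Ross"},
}
PATCH_AFTER_CLEANUP = {
    "schemas": [PATCH_OP],
    "Operations": [{"op": "Replace", "path": "displayName", "value": "Blob R."}],
}

if __name__ == "__main__":
    print([unexpected_attributes("User", b) for b in (CREATE_WITH_DEFAULTS, PATCH_AFTER_CLEANUP)])
```

A non-empty result means a default mapping is still in place and more directory data than intended is leaving Entra.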

4. Configure Omni login settings

  1. In Omni, navigate to Settings > Authentication.
  2. Enable Automatically provision new users on first login from this SAML provider.
  3. Click Save SAML changes.

What's next?

After you finish setting up SCIM, you can go a step further and sync your custom user attributes from Entra to Omni.

Refer to the Syncing Entra user attributes guide for more information.