Configuring Microsoft Entra ID (Azure Active Directory) Integration with SCIM
Microsoft Entra ID (formerly Azure Active Directory) is a universal platform designed to protect and manage identity access. You can configure Entra ID to provision and synchronize users and groups with Invicti Enterprise.
The System for Cross-domain Identity Management (SCIM) 2.0 allows you to organize users and user groups. This standard lets you provide a defined schema for representing users and groups. Thus, you can securely automate the exchange of user identity data between your cloud application and any service provider.
To synchronize roles and permissions, you must configure the mapping between Entra ID users/groups and Invicti Enterprise members/teams.
This document explains how to synchronize users and/or groups in Microsoft Entra ID with Invicti Enterprise.
NOTE: The following instructions only let you synchronize users and/or groups in Entra ID with Invicti Enterprise. For auto-provisioning and Single Sign-On, see Configuring Microsoft Entra ID (Azure Active Directory) Integration with SAML.
Complete these two steps to finish the configuration:
Step 1: Add Invicti Enterprise to Entra ID
- In the Entra ID portal, select Identity > Applications > Enterprise Applications from the left-side menu.
- In the Enterprise Applications page, select + New application.
- From the Browse Microsoft Entra Gallery page, choose + Create your own application.
- In the input name field on the right panel, enter a name for your application. (Enter any name; in this example, we use Invicti.)
- Select Integrate any other application you don't find in the gallery (Non-gallery).
- Click Create to add the application. Wait for the application to be added to your tenant.
Step 2: Synchronize users and/or groups in Entra ID
- In the Entra ID portal, select Enterprise Applications > Invicti.
- Select Manage > Provisioning from the left-side menu.
- Select Provisioning again to configure it.
- In the Provisioning Mode drop-down, select Automatic, which will open fields for configuration.
- In the Admin Credentials section, complete the details:
- Enter https://www.netsparkercloud.com/scim/v2 into the Tenant URL field. (For further information about the SCIM endpoints, refer to the SCIM API document.)
- Enter your API Token into the Secret Token field. (For further information about API Token, refer to the API Settings document.)
- Click Test Connection to make sure that the connection works.
- Click Save. A new section, Mappings, will appear below the Admin Credentials.
NOTE: Your Tenant URL might be different, one of the following URLs:
- In the Mappings section, configure the mapping between Entra ID users/groups and Invicti members/teams.
- In the Settings section, enter a notification email, if necessary, and specify the Scope.
- From the Scope drop-down, select the Sync only assigned users and groups option to synchronize all users and groups that have been added to the Invicti application in Entra ID.
- In the Provisioning Status, select On.
- Click Save to start provisioning and synchronizing.
How long the initial provisioning takes depends on the number of users you added to the Invicti application.
Once this initial synchronization completes, the provisioning service switches into incremental synchronization mode. It updates Invicti Enterprise based on the changes detected in Entra ID, including any changes to names and roles.
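If Test Connection fails in the Admin Credentials step, the Tenant URL and Secret Token can be checked outside the portal. The following is an added example, not code from Invicti or Microsoft: it builds a standard SCIM 2.0 filter query for a user that cannot exist and validates the reply. It assumes the endpoint exposes the standard `/Users` resource and accepts the token as a bearer credential; the environment variable names `SCIM_TENANT_URL` and `SCIM_TOKEN` are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request
import uuid

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def build_probe(tenant_url, token):
    """Build a SCIM query that exercises the Tenant URL and Secret Token."""
    parts = urllib.parse.urlsplit(tenant_url)
    # The Secret Token is a bearer credential: never send it over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Tenant URL must be an absolute https:// URL")
    if not token or token != token.strip():
        raise ValueError("Secret Token is empty or has stray whitespace")
    # Look up a random user name; a healthy endpoint answers with an empty list.
    flt = 'userName eq "%s"' % uuid.uuid4()
    query = urllib.parse.urlencode({"filter": flt}, quote_via=urllib.parse.quote)
    headers = {"Authorization": "Bearer " + token, "Accept": "application/scim+json"}
    return urllib.request.Request(tenant_url.rstrip("/") + "/Users?" + query, headers=headers, method="GET")

def check_list_response(status, body):
    """Return (ok, reason) for the HTTP status and body received for the probe."""
    if status in (401, 403):
        return False, "token rejected (HTTP %d)" % status
    if status != 200:
        return False, "unexpected HTTP status %d" % status
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "body is not JSON (wrong Tenant URL?)"
    if not isinstance(doc, dict) or LIST_RESPONSE not in (doc.get("schemas") or []):
        return False, "not a SCIM ListResponse"
    if doc.get("totalResults") != 0:
        return False, "random user unexpectedly matched"
    return True, "endpoint and token accepted"

if __name__ == "__main__":
    url, tok = os.environ.get("SCIM_TENANT_URL"), os.environ.get("SCIM_TOKEN")
    if url and tok:  # live check; the token stays out of argv and shell history
        try:
            with urllib.request.urlopen(build_probe(url, tok), timeout=15) as resp:
                print(check_list_response(resp.status, resp.read()))
        except urllib.error.HTTPError as err:
            print(check_list_response(err.code, err.read()))
    else:  # offline run against a constructed (not captured) response body
        sample = json.dumps({"schemas": [LIST_RESPONSE], "totalResults": 0, "Resources": []})
        print(check_list_response(200, sample))
```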