
Configuring Microsoft Entra ID (Azure Active Directory) Integration with SCIM

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Microsoft Entra ID (formerly called Azure Active Directory) is a universal platform designed to protect and manage access to identities. You can configure Entra ID to provision and synchronize users and groups with Invicti Enterprise.

  • System for Cross-domain Identity Management (SCIM) 2.0 lets you organize users and user groups. The standard lets you provide a defined schema for representing users and groups, so you can securely automate the exchange of user identity data between your cloud application and any service provider.
  • If you want to synchronize roles and permissions in addition to users and/or user groups, you need to configure the mapping between Entra ID users/groups and Invicti Enterprise members/teams.

This topic explains how to synchronize users and/or groups in Microsoft Entra ID with Invicti Enterprise.

The following instructions only let you synchronize users and/or groups in Entra ID with Invicti Enterprise. For auto-provisioning and Single Sign-On, see Configuring Microsoft Entra ID (Azure Active Directory) Integration with SAML.

There are two steps to configure:

  1. Adding Invicti Enterprise to Entra ID
  2. Synchronizing users and groups in Entra ID with Invicti Enterprise

Step 1. How to add Invicti Enterprise to Entra ID
  1. Log in to the Entra ID Portal.
  2. From the Entra ID Services section, select Enterprise Applications.
  3. On the Enterprise applications page, select + New Application.
  4. On the Browse Entra ID Gallery (Preview) page, type Netsparker Enterprise into the search box.
  5. Select Netsparker Enterprise from the results panel.
  6. Select Create to add the application.

Wait while the app is added to your tenant.

Step 2. How to synchronize users and/or groups in Entra ID with Invicti Enterprise
  1. Log in to the Entra ID Portal.
  2. From the main page, go to Entra ID > Enterprise Applications > Netsparker Enterprise.
  3. On the left navigation pane, select Provisioning.
  4. Select Edit Provisioning.
    1. From the Provisioning Mode drop-down, select Automatic.
    2. In the Admin Credentials section, complete the details:
      1. Enter https://www.netsparkercloud.com/scim/v2 in the Tenant URL field. (For further information about the SCIM endpoints, see SCIM API.)
      2. Enter your API Token in the Secret Token field. (For further information about the API Token, see API Settings.)
      3. Select Test Connection to make sure that the connection works.
    3. In the Mappings section, configure the mapping between Entra ID users/groups and Invicti Enterprise members/teams.
    4. In the Settings section, enter a notification email if necessary and specify the Scope.
      • From the Scope drop-down, select the Sync only assigned users and groups option if you want to synchronize all users and groups that have been added to the Invicti Enterprise application in Entra ID.
    5. In the Provisioning Status, select On.
    6. Select Save.
  5. In the Provisioning window, select Start Provisioning to synchronize users with Invicti Enterprise.

Provisioning takes some time, depending on the number of users you added to the Invicti Enterprise application.

Once this initial synchronization is completed, the provisioning service goes into incremental synchronization mode. It makes changes to Invicti Enterprise based on the changes detected in Entra ID. This covers any change, such as changes to names and roles.
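
The Admin Credentials values from Step 2 can be checked outside the portal before they are saved. The following Python script is an added example, not Invicti or Microsoft code: it validates the Tenant URL and builds a SCIM 2.0 (RFC 7644) filter query for a user that cannot exist, which is a read-only way to confirm that the URL and token work. It assumes the endpoint serves the standard /Users resource and accepts the API token as a Bearer token; the SCIM_API_TOKEN environment variable name is hypothetical.

```python
import json
import os
import urllib.error
import urllib.request
import uuid
from urllib.parse import quote, urlsplit

TENANT_URL = "https://www.netsparkercloud.com/scim/v2"  # Tenant URL from this page
LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"  # RFC 7644

def check_tenant_url(url):
    """Return problems with the Tenant URL; an empty list means none found."""
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("not https: the secret token would travel unencrypted")
    if not parts.path.rstrip("/").endswith("/scim/v2"):
        problems.append("path does not end in /scim/v2")
    return problems

def build_probe(tenant_url, api_token):
    """Build a GET that filters /Users on a random userName that cannot exist."""
    query = "filter=" + quote(f'userName eq "{uuid.uuid4()}"')
    req = urllib.request.Request(f"{tenant_url.rstrip('/')}/Users?{query}")
    req.add_header("Authorization", f"Bearer {api_token}")  # assumed auth scheme
    req.add_header("Accept", "application/scim+json")
    return req

def interpret(status, body):
    """Turn the probe's HTTP status and body into a verdict."""
    if status in (401, 403):
        return "token rejected"
    if status != 200:
        return f"unexpected status {status}"
    try:
        doc = json.loads(body)
        if LIST_RESPONSE not in doc["schemas"]:
            raise ValueError("wrong schema")
    except (ValueError, KeyError, TypeError):
        return "not a SCIM ListResponse"
    return "ok" if doc.get("totalResults") == 0 else "probe user unexpectedly matched"

if __name__ == "__main__":
    print(check_tenant_url(TENANT_URL) or "tenant URL looks sane")
    token = os.environ.get("SCIM_API_TOKEN")  # hypothetical variable name
    if token:  # contact the endpoint only when a token was supplied
        try:
            with urllib.request.urlopen(build_probe(TENANT_URL, token), timeout=10) as resp:
                print(interpret(resp.status, resp.read()))
        except urllib.error.HTTPError as err:
            print(interpret(err.code, b""))
```

Reading the token from the environment keeps it out of the script and the command line; a "token rejected" verdict means the API Token in the Secret Token field needs to be reissued or re-entered.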

To view the Microsoft documentation, refer to Tutorial: Configure Netsparker Enterprise for automatic user provisioning.