Synchronize users and groups with SCIM 2.0

SCIM Integration in Flow Connect

Flow Connect supports System for Cross-domain Identity Management (SCIM) 2.0, an industry-standard protocol for automating the exchange of user and group information between identity providers (IdPs) and cloud applications.

With SCIM enabled, organizations can centrally manage user accounts and group memberships directly from their identity provider—such as Microsoft Entra ID (Azure AD) — without needing to manually create or update users inside Flow Connect.

The SCIM integration ensures that:

  • User provisioning and deprovisioning happen automatically when changes occur in the IdP.

  • Group assignments are synchronized, simplifying access management to applications in Flow Connect.

  • Security and compliance are improved through consistent, automated identity lifecycle management.

Once configured, Flow Connect will act as a SCIM 2.0 service provider, exposing secure endpoints for your IdP to connect to. This integration streamlines administration, reduces manual errors, and keeps user data up to date across your organization.

Configure Microsoft Entra ID

Create a new Enterprise Application

Sign in to the Microsoft Entra admin center with at least a Cloud Application Administrator role.

Navigate to Identity > Applications > Enterprise applications > All applications.

Click on New application.

Click on Create your own application.

Enter Flow Connect SCIM 2.0 as the name, select Integrate any other application you don’t find in the gallery, and then click Create.

Configure application

The application has been created and needs to be configured for Flow Connect. Click Connect your application.

To connect your application to your Flow Connect organization, you need to retrieve the required information from the organization page in Hub.

Set the authentication method to Bearer authentication.

Copy the tenant URL from Hub.

Generate a new token.

Make sure you save the token in a secure place. You will not be able to read it after the screen is closed.

The token will be valid for one year. After that, you need to generate a new token and update the connection in Entra.

After pasting the tenant URL and the secret token, click Test connection.

After successfully testing the connection, click Create.

Configure provisioning

Configure the groups that should be provisioned to Flow Connect. This means that the groups added will automatically be created, and the users who are members of those groups will also be created and added to the groups in Flow Connect.

Individual users can also be included in the provisioning if necessary.

Select Users and groups, then click Add user/group. Add the groups you want to synchronize with Flow Connect.

When all groups have been added, select Provisioning from the side menu.

Click Start provisioning to begin synchronizing users and groups with Flow Connect. Synchronization runs every 40 minutes.

Once the job has finished, you will find the users and groups in Flow Connect that were created by the SCIM integration.

PreviousTranslate applicationsNextReference

Last updated

Was this helpful?