📄️ Register a service principal for the EntraID SCIM Microservice
To access resources secured by your EntraID tenant, the EntraID SCIM microservice needs to be represented within the tenant by a security principal. The security principal is an application you create in your tenant to provide the authentication context the microservice needs to call the Microsoft Graph API.
📄️ Create an App Service for the EntraID SCIM Microservice
EmpowerID uses the EntraID SCIM Microservice to make API calls to your Azure tenant in response to your actions in EmpowerID. As part of deploying the microservice, you need to create an app service to host it, configure that app service for EntraID authentication, and give it a managed identity that can be granted permissions to access resources protected by EntraID.
📄️ Publish the EntraID SCIM Microservice to Azure
After you create and configure an app service for the EntraID SCIM microservice, you need to publish the microservice to that app service so that it can make API calls to EntraID.
📄️ Assign Permissions to the App Service
The EntraID SCIM microservice requires specific permissions to interact with the Microsoft Graph API and Azure resources. You can implement permissions using two approaches: tenant-wide application permissions for simplicity, or custom Azure roles with least privilege for enhanced security. Choose the approach that best aligns with your organization's security policies and compliance requirements.
📄️ Connect to EntraID
After setting up Azure and publishing the EmpowerID EntraID SCIM microservice to your Azure tenant, you need to connect EmpowerID to the tenant to bring the user and group information in that tenant into EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories.