SourceMagnet can be integrated with Entra ID using a SCIM integration. By integrating with Entra ID, you will have full control over which users can log into SourceMagnet, and permissions will automatically be withdrawn when people quit or change positions.
How to enable SCIM
1. Get provisioning secret from SourceMagnet
Click on your company name and select Access Management, select the Entra ID tab in SourceMagnet as an Admin or Owner, and get the provisioning secret.
2. Create an Enterprise application in Azure
Go to Enterprise Applications in Azure and create a Non-gallery application for provisioning.
In the new enterprise application, go to provisioning and
set the provisioning mode to "Automatic"
Enter the SCIM URL: https://bff.sourcemagnet.com/api/scim
Enter the provisioning secret from step 1.
4. Configure "Provision Microsoft Entra ID Users"
In attribute mappings for "Provision Microsoft Entra ID Users" validate or map the following properties:
userName
active (has no practical implications in SourceMagnet atm., but is required by Microsoft)
title
name.givenName
name.familyName
delete other mappings that are not listed above
Save changes
5. Configure "Provision Microsoft Entra ID Groups"
Turn on "Target Object Actions" for "Create", "Update", and "Delete".
In attribute mappings for "Provision Microsoft Entra ID Groups" validate or map the following properties:
displayName = displayName
externalId = objectId
members = members
Save changes
6. Create groups
The roles for å user will be defined based on the user's group membership in Entra ID.
Create the following groups with the exact Group names as below:
"SourceMagnetAdmin"
"SourceMagnetContractCreator"
"SourceMagnetContractViewer"
"SourceMagnetSourcingCreator"
"SourceMagnetSourcingViewer"
"SourceMagnetProjectCreator"
"SourceMagnetProjectViewer"
Assing group membership to users to give them the correct role in SourceMagnet.
A user that needs multiple roles must be assigned to multiple groups in Entra.
7. Give access to users/groups
In Azure, open Enterprise Application and select SourceMagnet app.
Go to "Users and groups"
Click "+ Add user/Group"
Add the groups or users that you want to give access to and select among the available roles.
💡 To give a user multiple roles in SourceMagnet, the user must be assigned to multiple groups. One group will give the user a "Sourcing creator" role, and one group will provide the user a "Contract creator" role.
8. Start provisioning
Start the provisioning
💡 You might have to add sourcemagnet.com to trusted domains.
Admin consent when logging in with Entra ID for the first time
When your organization connects SourceMagnet with Entra ID, two different Microsoft Entra applications are involved:
Enterprise App for user provisioning (SCIM):
This app is created and managed by your organization. It syncs users and groups between Entra ID and SourceMagnet. Only your IT administrators need access to this app.SourceMagnet Enterprise App used for authentication:
This app is hosted and managed by SourceMagnet and is used by all users when logging in via Entra ID.Name: SourceMagnet
App ID: c442b593-3f26-408d-8cff-42308de32314
The first time someone in your organization logs in, Microsoft will ask for admin consent for this app.
A Global Administrator or Cloud Application Administrator must approve this app to allow all users to sign in without further prompts.
Once approved, the consent applies to the entire organization.
💡 Tip: If a user encounters a message saying “Need admin approval” when trying to log in, contact your IT administrator to approve the SourceMagnet Enterprise App in the Microsoft Entra admin portal.