Skip to main content

How to integrate with Entra ID using SCIM integration

In this article you learn how to set up the SCIM integration between SourceMagnet and Entra ID to sync roles

Fredrik Muri Slettestøl avatar
Written by Fredrik Muri Slettestøl
Updated over a week ago

SourceMagnet can be integrated with Entra ID using a SCIM integration. By integrating with Entra ID, you will have full control over which users can log into SourceMagnet, and permissions will automatically be withdrawn when people quit or change positions.

How to enable SCIM

1. Get provisioning secret from SourceMagnet

Click on your company name and select Access Management, select the Entra ID tab in SourceMagnet as an Admin or Owner, and get the provisioning secret.

2. Create an Enterprise application in Azure

Go to Enterprise Applications in Azure and create a Non-gallery application for provisioning.


In the new enterprise application, go to provisioning and

4. Configure "Provision Microsoft Entra ID Users"

In attribute mappings for "Provision Microsoft Entra ID Users" validate or map the following properties:

  • userName

  • active (has no practical implications in SourceMagnet atm., but is required by Microsoft)

  • title

  • name.givenName

  • name.familyName

  • delete other mappings that are not listed above

Save changes

5. Configure "Provision Microsoft Entra ID Groups"

Turn on "Target Object Actions" for "Create", "Update", and "Delete".

In attribute mappings for "Provision Microsoft Entra ID Groups" validate or map the following properties:

  • displayName = displayName

  • externalId = objectId

  • members = members

Save changes

6. Create groups

The roles for å user will be defined based on the user's group membership in Entra ID.
Create the following groups with the exact Group names as below:

  • "SourceMagnetAdmin"

  • "SourceMagnetContractCreator"

  • "SourceMagnetContractViewer"

  • "SourceMagnetSourcingCreator"

  • "SourceMagnetSourcingViewer"

  • "SourceMagnetProjectCreator"

  • "SourceMagnetProjectViewer"

Assing group membership to users to give them the correct role in SourceMagnet.

A user that needs multiple roles must be assigned to multiple groups in Entra.

7. Give access to users/groups

In Azure, open Enterprise Application and select SourceMagnet app.

Go to "Users and groups"

Click "+ Add user/Group"

Add the groups or users that you want to give access to and select among the available roles.

💡 To give a user multiple roles in SourceMagnet, the user must be assigned to multiple groups. One group will give the user a "Sourcing creator" role, and one group will provide the user a "Contract creator" role.

8. Start provisioning

Start the provisioning

💡 You might have to add sourcemagnet.com to trusted domains.

Admin consent when logging in with Entra ID for the first time

When your organization connects SourceMagnet with Entra ID, two different Microsoft Entra applications are involved:

  1. Enterprise App for user provisioning (SCIM):
    This app is created and managed by your organization. It syncs users and groups between Entra ID and SourceMagnet. Only your IT administrators need access to this app.

  2. SourceMagnet Enterprise App used for authentication:
    This app is hosted and managed by SourceMagnet and is used by all users when logging in via Entra ID.

    Name: SourceMagnet
    App ID: c442b593-3f26-408d-8cff-42308de32314

    • The first time someone in your organization logs in, Microsoft will ask for admin consent for this app.

    • A Global Administrator or Cloud Application Administrator must approve this app to allow all users to sign in without further prompts.

    • Once approved, the consent applies to the entire organization.

💡 Tip: If a user encounters a message saying “Need admin approval” when trying to log in, contact your IT administrator to approve the SourceMagnet Enterprise App in the Microsoft Entra admin portal.

Did this answer your question?