Enable Users Auto-Sync with Azure AD

This guide explains how to configure Kubiya to automatically synchronize user accounts from your Microsoft Azure Active Directory (Azure AD) tenant using SCIM provisioning.

Prerequisites

Before configuring user auto-sync:

• Ensure you have already configured Azure AD login
• Administrator access to both Azure AD and Kubiya

Configure SCIM Provisioning with Microsoft Entra ID

Step 1: Obtain SCIM Connection Details

The Kubiya support team will provide you with:

• SCIM Token
• SCIM URL

Contact Kubiya support to request these credentials.

Step 2: Configure SCIM Provisioning in Microsoft Entra ID

1. Log in to the entraID admin page
2. Visit Applications > Enterprise applications and select your app
3. Navigate to Provisioning
4. On the Provisioning page, click on New configuration.
5. Fill the form as with the values you recieved from Kubiya team and click Test Connection then Create

Step 3: Configure User Attribute Mappings

1. Under Mappings, select Provision Microsoft Entra ID Users
2. Go to Attribute Mappings
3. Edit the following attribute values to ensure proper mapping:
   • externalId
   • emails[type eq "work"].value and mail
4. Click Save

For additional assistance, contact Kubiya support.