Documentation

Unity Cloud

Get Started

Asset Manager SDKs and services

Open Unity Dashboard

Unity Cloud

Set up SCIM with Microsoft Entra

Automate the provisioning and deprovisioning of Entra users
Read time 2 minutesLast updated a day ago

Prerequisites

Before you set up System for Cross-domain Identity Management (SCIM) for Entra, ensure these requirements are met:
  • You have set up single sign-on (SSO) for an organization in Unity Cloud. You have added, to your SSO setup, the domains whose users you want to automate provisioning for. Unity has validated these domains. Read more about creating an organization and setting up SSO.
  • An Entra instance exists and manages these users.
  • An existing Entra application is set up with Unity SSO.

1. Provision a service account

Before you configure SCIM, provision a Unity service account:
  1. Go to the Unity Dashboard.
  2. To switch to the organization for which you want to set up SCIM, select your organization name, select Switch organization, and then select an organization.
  3. Go to Administration > Service accounts.
  4. To create a service account, select New.
  5. Enter a name and a description for the service account, and then select Create. Unity creates a service account and displays its details.
  6. Assign the SCIM Authenticator role to the account:
    1. In the Organization Roles section, select Manage Organization Roles.
    2. Set Admin to 
      SCIM Authenticator
      , and then select Save.
  7. Create a long-lived bearer token for the authentication and use of the service account:
    1. In the Bearer tokens section, select Add bearer token.
    2. Copy the bearer token and keep it. Your Identity Provider (IdP) service requires this information.
Read more about creating a Unity service account in the Unity Services documentation.

2. Fetch the SCIM connector URL for your organization

  1. On a new tab, go to the Unity Dashboard.
  2. Switch to the organization for which you want to set up SCIM.
  3. Go to Administration > Single sign on.
  4. In the SCIM section, locate the field for the SCIM base connector URL and copy the value. Your IdP service requires this information.

3. In Entra, turn on SCIM for the provisioning of users

  1. On a new tab, sign in to your Microsoft Entra admin instance with an admin account.
  2. Go to Entra ID > Enterprise Apps, and then select your Unity SSO application.
  3. On the Overview tab, select Provision User Accounts.
  4. Select Create configuration > Connect your application.
  5. Set this configuration:
    • Select authentication method: bearer authentication
    • Tenant URL: the value of the SCIM base connector URL that you have copied from Unity Cloud
    • Secret token: the long-lived bearer token that you have generated for your service account
  6. Select Test Connection. Entra verifies the setup and informs you of any errors.
  7. Select Start provisioning. Entra starts the batch provisioning of users, which runs every 40 minutes. Entra begins by provisioning the users that you have already added to this application.

4. In Entra, provision users on demand

To trigger the immediate provisioning of specific Entra users, complete these steps:
  1. Ensure that the users have been added to the application:
    1. Go to Users and groups.
    2. If the users aren't listed as members of the application, select Add user/group to add them.
  2. Go to Provision on demand.
  3. Select the users you want to immediately provision, and then select Provision. Entra immediately provisions these users.

Next steps

Optionally, enforce SCIM provisioning