This article guides how to configure Entra ID group provisioning via SCIM. Group provisioning is currently not supported in Hoxhunt's Entra ID gallery application. Enabling group provisioning requires you to set up additional custom application. Also note that group provisioning only works for users that are provisioned via SCIM, in other words, if user a user is added manually, even if they would belong to SCIM groups, they would not be provisioned.
For user provisioning, please refer to Configuring Entra ID SSO and SCIM article.
Configure SCIM group provisioning application in Entra ID
-
Go to Microsoft Entra Admin Center -> Enterprise applications.
-
Click New application.
-
Select Create your own application, give it a name (e.g., Hoxhunt SCIM (groups)).
-
Choose Integrate any other application you don’t find in the gallery (Non-gallery). and click Create.
Once the application is created:
-
Go to Properties and set Visible to users to No.
-
Go to Provisioning under Manage.
-
Set Provisioning Mode to Automatic.
-
Enter Tenant URL (https://app.hoxhunt.com/services/scim) and Secret Token. You can create the token in Hoxhunt Admin Portal -> Settings -> Automated User Provisioning.
-
After you have entered the Tenant URL and Secret Token, click Test Connection and Save.
NOTE: You need to use the same authentication token for both user provisioning and group provisioning applications. If you have configured user provisioning application already and you don't have the token available anymore, you need to create a new one and update it both SCIM provisioning applications.
-
After saving, expand Mappings and click Provision Microsoft Entra ID Users.
-
Untick Create, Update and Delete under Target Object Actions.
- Under Attribute Mappings set the source of userName attribute to mail and hit Save.
- Go one step back and click Provision Microsoft Entra ID Groups.
- Verify that attribute mappings are set as in the picture.
- Go one step back and expand Settings. Verify that Scope is set to Sync only assigned users and groups.
- Go to Users and Groups and click Add user/groups.
- Select the groups you want to provision and click Select and Assign.
- To test the configuration, go to Provision on demand.
- Write the group name to the search field and select at one least member and click Provision.
NOTE: It can take 40 to 60 minutes for the group information to provision to Hoxhunt. - Verify from Hoxhunt Admin Portal that the group can be found. You can either check it from user's profile or use SCIM group filter.
- After you have confirmed that group information is populated, go to Overview and click Start provisioning.