Skip to main content

Configuring Hyperproof roles for Microsoft Entra ID SCIM provisioning

You must be logged in to Microsoft Entra using one of the following roles: Application Administrator, Cloud Application Administrator, or Global Administrator.

To automatically assign Hyperproof roles to users during provisioning, you must create app roles in Microsoft Entra ID.

  1. Sign in to the Microsoft Entra Admin Center at https://entra.microsoft.com.

  2. Navigate to Entra ID > App registrations.

  3. Open the Hyperproof SCIM application you created. See Adding a Microsoft Entra non-gallery application for SCIM.

  4. From the left menu, select App roles.

  5. Click + Create app role as needed to create each of the following roles:

    • Role: Organization Administrator, complete the following fields:

      • Display name - Admin

      • Allowed member types - Users/Groups

      • Value - ORGANIZATION_ADMINISTRATOR

      • Description - Full administrative access to create and manage programs, controls, and settings.

      • Enable this app role - Checked

    • Role: Compliance Manager, complete the following fields:

      • Display name - Compliance manager

      • Allowed member types - Users/Groups

      • Value - COMPLIANCE_MANAGER

      • Description - Full access to create and manage programs and controls.

      • Enable this app role - Checked

    • Role: Limited access user

      • Display name - Limited access user

      • Allowed member types - Users/Groups

      • Value - LIMITED_ACCESS_USER

      • Description - Read-only access to assigned objects; can create work items and upload proof.

      • Enable this app role - Checked

  6. Click Apply after creating each role.

  7. Click the existing User role and update the following values:

    • Allowed member types - Users/Groups

    • Value - USER

    • Description - Can work on assigned tasks and controls

  8. Click Apply after editing this role.

Mapping roles to SCIM in Microsoft Entra ID

  1. Sign in to the Microsoft Entra Admin Center at https://entra.microsoft.com.

  2. Navigate to Enterprise apps.

  3. Open the Hyperproof SCIM application you created. See Adding a Microsoft Entra non-gallery application for SCIM.

  4. Select Provisioning.

  5. Select Attribute Mapping.

  6. Select Provision Microsoft Entra ID Users.

  7. Scroll to the bottom and click Add New Mapping.

  8. Configure the mapping as follows:

    • Mapping type - Expression

    • Expression - SingleAppRoleAssignment([appRoleAssignments])

    • Target attribute - roles[primary eq "True"].value

    • Apply this mapping - Always

  9. Click OK.

  10. Click Save.

For information on the entire workflow for configuring SCIM provisioning, see Microsoft Entra ID SCIM Configuration.

In this section: