Skip to main content

Configuring Microsoft Entra ID attribute mappings for SCIM provisioning

You must be logged in to Microsoft Entra using one of the following roles: Application Administrator, Cloud Application Administrator, or Global Administrator.

For information on the entire workflow for configuring SCIM provisioning, see Microsoft Entra ID SCIM Configuration.

  1. Sign in to the Microsoft Entra Admin Center at https://entra.microsoft.com.

  2. Navigate to Entra ID > Enterprise apps.

  3. Open the Hyperproof SCIM application you created. See Adding a Microsoft Entra non-gallery application for SCIM.

  4. From the left menu, select Provisioning.

  5. Click the Attribute mapping section.

  6. Click Provision Microsoft Entra ID Users.

  7. Remove the following unnecessary mappings. Hyperproof doesn't use them:

    name.formatted

    addresses[type eq "work"].* (all address fields)

    phoneNumbers[type eq "work"].value

    phoneNumbers[type eq "mobile"].value

    phoneNumbers[type eq "fax"].value

    timezone

    externalId

    displayName displayName

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeId

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager

  8. Make sure the following required mappings are configured:

    Hyperproof attribute

    Microsoft Entra ID attribute

    Matching precedence

    Notes

    userName

    userPrincipalName

    1

    Primary identifier

    emails[type eq "work"].value

    mail

    User's email address

    active

    Not([IsSoftDeleted])

    User status (active/inactive)

    name.givenName

    givenName

    First name (required)

    name.familyName

    surname

    Last name (required)

  9. Scroll to the bottom and click Add New Mapping.

  10. Configure the mapping as follows:

    • Mapping type - Expression

    • Expression - SingleAppRoleAssignment([appRoleAssignments])

    • Target attribute - roles[primary eq "True"].value

    • Apply this mapping - Always

  11. Click OK.

  12. Add the following optional mappings:

    These mappings are recommended for richer user data.

    Hyperproof attribute

    Microsoft Entra ID attribute

    title

    jobTitle

    locale

    preferredLanguage

  13. Optionally, configure group mappings as follows:

    1. Return to the Attribute mappings section.

    2. Click Provision Microsoft Entra ID Groups

    3. Keep these mappings:

      displayName → displayName

      members → members

    4. Delete any other default mappings.

  14. Click Save.

In this section: