Configuring Microsoft Entra ID attribute mappings for SCIM provisioning
You must be logged in to Microsoft Entra using one of the following roles: Application Administrator, Cloud Application Administrator, or Global Administrator.
Sign in to the Microsoft Entra Admin Center.
Navigate to Entra ID > Enterprise apps.
Open the Hyperproof SCIM application you created. See Adding a Microsoft Entra non-gallery application for SCIM.
From the left menu, select Provisioning > Edit provisioning.
Expand the Mappings section.
Click Provision Microsoft Entra ID Users.
Make sure the following required mappings are configured:
Microsoft Entra ID attribute
Hyperproof attribute
Matching precedence
Notes
userPrincipalNameuserName1
Primary identifier
mailemails[type eq "work"].valueUser's email address
Switch([IsSoftDeleted])activeUser status (active/inactive)
givenNamename.givenNameFirst name (required)
surnamename.familyNameLast name (required)
Add the following optional mappings:
These mappings are recommended for richer user data.
Microsoft Entra ID attribute
Hyperproof attribute
jobTitletitlepreferredLanguagelocaleRemove the following unnecessary mappings. Hyperproof doesn't use them:
name.formattedaddresses[type eq "work"].*(all address fields)phoneNumbers[type eq "work"].valuephoneNumbers[type eq "mobile"].valuephoneNumbers[type eq "fax"].valuetimezoneexternalIddisplayName displayNameurn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeIdurn:ietf:params:scim:schemas:extension:enterprise:2.0:User:departmenturn:ietf:params:scim:schemas:extension:enterprise:2.0:User:managerOptionally, configure group mappings as follows:
Return to the Mappings section.
Click Provision Microsoft Entra ID Groups
Keep these mappings:
displayName → displayNamemembers → membersDelete any other default mappings.
Click Save.
For information on the entire workflow for configuring SCIM provisioning, see Microsoft Entra ID SCIM Configuration.