SCIM Directory Integration - Azure Active Directory

By Emalee Firestein

Configure a SCIM user-directory integration with Azure Active Directory

Before You Begin

  • Complete the steps outlined in the SCIM Directory Integration support article to set up a new SCIM user directory in your Kandji instance. You will need to obtain the SCIM access token and API URL.
  • Copy and store the token provided as outlined in the SCIM Directory Integration article. The token will not be visible once you click Done and will be required in a later step.
  • Be sure to review the supported user and group attributes listed in the SCIM Directory Integration.

Create the SCIM Integration in Azure

  1. Sign in to
  2. Open the menu in the top left corner.
  3. Select Azure Active Directory.T370maJwW-7IqFSKTDTr7p980uDmWMh3jw
  4. In the Manage section, select Enterprise applications
  5. Select New application, or if you have already created a SAML single sign-on application, you can select that application and add SCIM.
  6. Select Create your own application.
  7. Give the application a name.
  8. Select Integrate any other application you don't find in the gallery (Non-gallery)._aHdpCXkXcNqNookwdBQPp9zxY6MelfYHA
  9. Click Create.
  10. You will be taken to the Overview page for the newly created app.
  11. In the left-hand navigation, select Provisioning.
  12. Click Get started.
  13. For Provisioning Mode, select Automatic.
  14. If the Admin Credentials section doesn't display details, click the reveal triangle to expand it.
  15. Paste the Kandji SCIM API URL that you copied earlier into the Tenant URL field.
  16. Paste the API token that you copied earlier into the Secret Token field.
  17. Click Test Connection. You should see a successful test notification.
  18. In the upper-left corner, click Save, then click the X in the upper-right corner to close the settings.R1VHmIGhlMnxr5sCLqP15_HN9xFJTWlUfQ
  19. Once back in the Provisioning overview, click Edit provisioning.
  20. Expand the Mappings reveal triangle and ensure that both Groups and Users are enabled.

Note: if you are on the free tier of Azure, group assignment is not supported.
  1. Expand the Settings reveal triangle.

  2. For Scope, choose Sync only assigned users and groups.

  3. Set the Provisioning Status to On.

  4. Click Save, then click the X in the upper-right corner to close the settings.FCe05pTOz2UhKGA7PsWScTgJX8UGn9bDvw

  5. Select Users and groups in the left sidebar, click Add user/group and add the users or groups you want to provision in Kandji. If you are using the free Azure tier, you will only assign users to the app.

  6. In Kandji, click the Users module in the left sidebar, then click Users Without Devices. If Kandji does not display users, go back to the SCIM app in Azure, click Stop provisioning, then click Start provisioning.

Syncing User syncing is one-way, meaning the Azure SCIM app will send user information to Kandji only when there is new information to be sent. Therefore, a Sync Now option is not available in the web app.