Sign inTry Free

IdP Configuration - Azure

On this page

SingleStore SCIM supports Azure with the SCIM 2.0 protocol and Microsoft Entra ID (Azure Active Directory).

Prerequisites

  • RBAC authorization for the Organization Team feature is enabled.

  • RBAC user sync should be enabled for the Engine RBAC at SingleStore database level.

SCIM Provisioning in the SingleStore Helios Portal

Follow the instructions specified in SCIM User Provisioning.

Note: SingleStore recommends that you check out the logAllRequests attribute to facilitate debugging.

SCIM Provisioning in the Azure Portal

The following steps should be used to set up SCIM in the Azure portal. Refer Azure documentation for additional information.

  1. If you do not have an existing enterprise application, then create it by clicking on Create your own application, Non-Gallery.

  2. API Endpoint and Secret:

    1. Use the API endpoint and secret from the SingleStore portal in the Provisioning section of the application.

    2. Ensure you add '/?aadOptscim062020' to the end of the URL. Refer: Known issues with SCIM for further details.

    3. Click on Test Connection.

    4. Check out the Send an email notification when a failure occurs option for easier debugging.

    5. Save the setting, (In case the grayed out buttons do not go back to normal display after saving, refresh the page.)

  3. Set up the SCIM attribute mapping:

    1. SCIM User: Ensure the primary email id is valid and current so that SingleStore can match to the correct user. It is strongly recommended to map userPrincipleName to email. However, if the userPrincipleName does not contain the primary email id, then enter the correct primary email id manually.

    2. Remove all unsupported attributes in the SCIM User mapping as shown in the screenshot below:

    3. SCIM Group: Leave the default settings.

  4. Test with Provision on demand.

    1. Add users/groups to the provision.

    2. Test adding a user to SingleStore. If adding a user syncs successfully, then the user should appear in the SingleStore Helios portal Users tab.

    3. Test other actions, such as delete.

  5. If all the above tests are successful, you can turn on the provisioning. Use the provision log to check for any errors or issues.

Remarks

  • When you create a new connection, wherein the SingleStore side does not have any details yet, but Azure has some of the previous provisioning information exisitng, this can cause an error.  In such a case, use Delete configuration in the Overview (preview) page to have a clean SCIM provision on the Azure side.

  • If the Azure provisioning system tries to sync with non-existent attributes then delete and again re-enter the Attributes mapping.

Last modified: December 15, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK

Try Out This Notebook to See What’s Possible in SingleStore

Get access to other groundbreaking datasets and engage with our community for expert advice.

Sign UpLog In