IdP Configuration - Azure
On this page
SingleStore SCIM supports Azure with the SCIM 2.
Prerequisites
-
RBAC authorization for the Organization Team feature.
-
RBAC user sync for the Engine RBAC at SingleStore database level.
SCIM Provisioning in the SingleStore Helios Portal
Follow the instructions specified in SCIM User Provisioning.
SingleStore recommends that you check out the logAllRequests attribute for SCIM Connection to facilitate debugging.
SCIM Provisioning in the Azure Portal
The following steps should be used to set up SCIM in the Azure portal.
-
If you do not have an existing enterprise application, then create it by clicking on Create your own application, Non-Gallery.
-
Use the API endpoint and secret from the SingleStore portal SCIM connection in the Provisioning section of the application.
(Note: You MUST add '/?aadOptscim062020' to the end of the URL. ) Click on Test Connection.
SingleStore recommends you check out the Send an email notification when a failure occurs option.
Once you save, the grayed out buttons should become normal. If not, refresh the page. -
Set up the SCIM attribute mapping:
SCIMUser
A primary email is required for SingleStore to match users.
You must ensure the primary email is valid and current. It is strongly recommended to map userPrincipleName to email. However, if userPrincipleName` does not contain the primary email, then enter the correct primary email manually. Remove all unsupported attributes in the SCIM User mapping as shown in the screenshot below:
SCIM Group:
Leave as default.
-
Test with Provision on demand.
a.
Add users/groups to the provision. b.
Test sync a user to SingleStore. If adding a user syncs successfully, then the user should appear in the SingleStore Helios portal Users tab. c.
Test other actions, such as delete. -
If all the above tests are successful, you can turn on the provisioning.
Use the provision log to check in case there is any problem.
Remarks
-
If you want to create a new SCIM connection, wherein the SingleStore side does not have any details yet but Azure may have some of the previous provisioning information, this could cause an error.
In such a case, use Delete configuration in the Overview (preview) page to have a clean SCIM provision on the Azure side. -
If the Azure provisioning system tries to sync with non-exists attributes then remove and again re-enter the Attributes mapping.
Last modified: March 12, 2025