Explore GTM Atlas. Mapped by operators at Lovable, Vercel, Intercom, and more.

Set up SCIM with Microsoft Entra

Automate member provisioning with Microsoft Entra.

Table of Contents

Available on enterprise plan.

Only admins can configure SCIM.

This guide walks you through connecting Microsoft Entra to Attio for SCIM using a developer token.

If you're looking to enable Outlook email and calendar syncing for your team, see Connect Microsoft Entra ID for email and calendar sync.

Configure domain and token in Attio

Only an Attio admin can complete these steps. To get started:

  1. If you haven't already, verify a domain for your workspace.

  2. Click your workspace name and select Workspace settings.

  3. Click Developers in the sidebar.

  4. Generate a SCIM token.

Create a custom enterprise app in Microsoft Entra

For general help with this process, see Add an enterprise application in Microsoft's documentation.

  1. In the Microsoft Entra admin center, go to Enterprise applications > All applications.

  2. Click + New application.

  3. Click + Create your own application.

  4. Enter a name for the app, for example, "Attio SCIM".

  5. Select Integrate any other application you don't find in the gallery (Non-gallery).

  6. Click Create.

Configure the SCIM connection

Once the app is created, connect it to Attio.

  1. In your new app, click Provisioning in the left sidebar.

  2. Click Connect your application.

  3. Leave Authentication method set to Bearer authentication.

  4. Enter the following:

    • Tenant URL: https://api.attio.com/scim/v2

    • Secret token: Paste the token you copied from Attio.

  5. Click Test connection to confirm the setup is correct.

  6. Once confirmed, click Create.

Microsoft Entra is now connected to Attio. Before provisioning users, you may want to configure automatic seat assignment. To learn more about how SCIM handles provisioning, roles, and teams, see Provision users and teams with SCIM.

Configure attribute mapping

After creating the configuration, Microsoft Entra sets up a default attribute mapping that includes more attributes than Attio supports. You can remove the unnecessary ones.

  1. In the Microsoft Entra admin center, go to Enterprise applications > All applications.

  2. Open the app you just created.

  3. In the left sidebar, click Attribute mapping.

  4. Click Provision Microsoft Entra ID Users.

  5. Under Attribute Mappings, Attio supports the following four attributes. You can optionally delete the unsupported rows.

    • userNameuserPrincipalName

    • active → Switch expression

    • name.givenNamegivenName

    • name.familyNamesurname

  6. Click Save, and confirm.

Assign users

To provision a user in Attio, first assign them to the app in Microsoft Entra.

  1. In your app, click Users and groups in the left sidebar.

  2. Click + Add user/group.

  3. Under Users, search for and select the user you want to provision.

  4. Click Select, then click Assign.

Provision users

Once users are assigned, you can provision them to Attio immediately using on-demand provisioning, or wait for the next automatic sync cycle.

To provision a user on demand:

  1. In the left sidebar, click Provisioning, then click Provision on demand.

  2. Search for and select the user.

  3. Click Provision.

Once provisioned, the user is added to your Attio workspace and receives an email notifying them they've been added.

Frequently asked questions