Set up SCIM with Microsoft Entra

This guide walks you through connecting Microsoft Entra to Attio for SCIM using a developer token.

If you're looking to enable Outlook email and calendar syncing for your team, see Connect Microsoft Entra ID for email and calendar sync.

Configure domain and token in AttioCopy link

First, make sure you have at least one verified domain on your workspace.

To connect your IDP using a developer token, you’ll need to be an Attio admin.

1. Click your workspace name and select Workspace settings.

2. Click Developers in the sidebar.

3. Click + New access token.

4. Give the token a name, such as "SCIM Management".

5. Set User Management to Read-write.

6. Copy the token and paste it into your identity provider's SCIM configuration.

Create a custom enterprise app in Microsoft EntraCopy link

For general help with this process, see Add an enterprise application in Microsoft's documentation.

1. In the Microsoft Entra admin center, go to Enterprise applications > All applications.

2. Click + New application.

3. Click + Create your own application.

4. Enter a name for the app, for example, "Attio SCIM".

5. Select Integrate any other application you don't find in the gallery (Non-gallery).

6. Click Create.

Configure the SCIM connectionCopy link

Once the app is created, connect it to Attio.

1. In your new app, click Provisioning in the left sidebar.

2. Click Connect your application.

3. Leave Authentication method set to Bearer authentication.

4. Enter the following:

   • Tenant URL: https://api.attio.com/scim/v2

   • Secret token: Paste the token you copied from Attio.

5. Click Test connection to confirm the setup is correct.

6. Once confirmed, click Create.

Microsoft Entra is now connected to Attio. Before provisioning users, you may want to configure automatic seat assignment. To learn more about how SCIM handles provisioning, roles, and teams, see Provision users and teams with SCIM.

Configure attribute mappingCopy link

After creating the configuration, Microsoft Entra sets up a default attribute mapping that includes more attributes than Attio supports. You can remove the unnecessary ones.

1. In the Microsoft Entra admin center, go to Enterprise applications > All applications.

2. Open the app you just created.

3. In the left sidebar, click Attribute mapping.

4. Click Provision Microsoft Entra ID Users.

5. Under Attribute Mappings, Attio supports the following four attributes. You can optionally delete the unsupported rows.

   • userName → userPrincipalName

   • active → Switch expression

   • name.givenName → givenName

   • name.familyName → surname

6. Click Save, and confirm.

Assign usersCopy link

To provision a user in Attio, first assign them to the app in Microsoft Entra.

1. In your app, click Users and groups in the left sidebar.

2. Click + Add user/group.

3. Under Users, search for and select the user you want to provision.

4. Click Select, then click Assign.

Provision usersCopy link

Once users are assigned, you can provision them to Attio immediately using on-demand provisioning, or wait for the next automatic sync cycle.

To provision a user on demand:

1. In the left sidebar, click Provisioning, then click Provision on demand.

2. Search for and select the user.

3. Click Provision.

Once provisioned, the user is added to your Attio workspace and receives an email notifying them they've been added.