If your organization uses Azure to manage your employees’ access to tools and services, you can take advantage of Azure’s “Provisioning” feature to automatically grant access to Contentful to your users, and even optionally synchronize membership in select Azure Groups with Contentful Teams.
The integration between Azure and Contentful that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management).
To view Azure's guide to configuring Contentful with Azure, see the official tutorial.
To learn more about how Azure works with SCIM, see the official Azure documentation.
The remainder of this guide is focused on enabling you to configure both Contentful and Azure to get provisioning up and running for your organization.
The following provisioning features are supported by Contentful at present:
Create Users. Users in Azure that are assigned to the Contentful application in Azure are automatically added as members to your organization in Contentful.
Remove Users. Users in Contentful are removed when they do not require access anymore.
Provision Users into Teams. Import Groups from Azure to provision users into Teams. Teams can be used within Contentful to assign Space access and permissions for groups of users within your organization.
Presently, Contentful does not support the following Azure provisioning features, but may in the future:
Update user attributes
Disable (Deactivate) / Enable (reactivate) users
Enhanced group push
SCIM-based user provisioning is available to Enterprise customers on High Availability and Scale platform plans.
If you have not already done so, create a “Service User” account in Contentful to use with Azure provisioning. All provisioning permissions for Azure will be provided through this account. Contentful recommends that you choose “Owner” as the organization role for this account when you add it to your organization.
Log out of Contentful with your normal user account and log in as the Service User you created in Step 1.
Under Organization settings, click the Access Tools tab and select User provisioning from the drop-down menu
4. Click Generate personal access token to create an authentication token to be used for the provisioning tool in Azure:
5. A new window will open. Next, give your Personal Access Token a meaningful name and click Generate:
6. The configuration details required for Azure will now be available for copying to Azure.
7. Leave the browser window open and log into your Azure instance to complete the configuration on the Azure side.
For instructions on configuring Azure on the Azure side, see the official Azure documentation.
Azure users can be provisioned to Contentful. For more information about managing groups, see the official Azure documentation on how to manage users.
If you have questions or difficulties with your Contentful/Azure SCIM integration, please contact Contentful support via email@example.com.