Azure user provisioning integration with SCIM

If your organization uses Azure to manage your employees’ access to tools and services, you can take advantage of Azure’s “Provisioning” feature to automatically grant access to Contentful to your users, and even optionally synchronize membership in select Azure Groups with Contentful Teams.

The integration between Azure and Contentful that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management).

The remainder of this guide is focused on enabling you to configure both Contentful and Azure to get provisioning up and running for your organization.

Features

The following provisioning features are supported by Contentful at present:

  • Create Users. Users in Azure that are assigned to the Contentful application in Azure are automatically added as members to your organization in Contentful.

  • Remove Users. Users in Contentful are removed when they do not require access anymore.

  • Provision Users into Teams. Import Groups from Azure to provision users into Teams. Teams can be used within Contentful to assign Space access and permissions for groups of users within your organization.

Presently, Contentful does not support the following Azure provisioning features, but may in the future:

  • Update user attributes

  • Disable (Deactivate) / Enable (reactivate) users

  • Sync password

  • Users import

  • Enhanced group push

Requirements

SCIM-based user provisioning is available to Enterprise customers on High Availability and Scale platform plans.

Enable provisioning functionality

In Contentful

  1. If you have not already done so, create a “Service User” account in Contentful to use with Azure provisioning. All provisioning permissions for Azure will be provided through this account. Contentful recommends that you choose “Owner” as the organization role for this account when you add it to your organization.

  2. Log out of Contentful with your normal user account and log in as the Service User you created in Step 1.

  3. Under Organization settings, click the Access Tools tab and select User provisioning from the drop-down menu.

  4. Click Generate personal access token to create an authentication token to be used for the provisioning tool in Azure.

  5. A new window will open. Next, give your Personal Access Token a meaningful name and click Generate.

  6. The configuration details required for Azure will now be available for copying to Azure.

  7. Leave the browser window open and log into your Azure instance to complete the configuration on the Azure side.

In Azure

For instructions on completing the configuration on the Azure side, see the official Azure documentation.

Provision users

Azure users can be provisioned to Contentful. For more information about managing groups, see the official Azure documentation on how to manage users.

Troubleshooting

If you have questions or difficulties with your Contentful/Azure SCIM integration, please contact Contentful support via support@contentful.com.
