Azure user provisioning integration with SCIM

If your organization uses Azure to manage your employees’ access to tools and services, you can take advantage of Azure’s “Provisioning” feature to automatically grant access to Contentful to your users. Optionally, you can synchronize membership in select Azure Groups with Contentful Teams.

The integration between Azure and Contentful that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management).

The remainder of this guide is focused on enabling you to configure both Contentful and Azure to get provisioning up and running for your organization.


The following provisioning features are supported by Contentful at present:

  • Create Users. Users in Azure that are assigned to the Contentful application in Azure are automatically added as members to your organization in Contentful.

  • Remove Users. Users in Contentful are removed when they do not require access anymore.

  • Provision Users into Teams. Import Groups from Azure to provision users into Teams. Teams can be used within Contentful to assign Space access and permissions for groups of users within your organization.

Presently, Contentful does not support the following Azure provisioning features, but may in the future:

  • Update user attributes

  • Disable (Deactivate) / Enable (reactivate) users

  • Sync password

  • Users import

  • Enhanced group push


SCIM-based user provisioning is available to Premium/Enterprise customers on High Availability and Scale platform plans.

Enable provisioning functionality

In Contentful

  1. If you have not already done so, create a “Service User” account in Contentful to use with Azure provisioning. All provisioning permissions for Azure will be provided through this account. Contentful recommends that you choose “Owner” as the organization role for this account when you add it to your organization.

  2. Log out of Contentful with your normal user account and log in as the Service User you created in Step 1.

  3. Under the Organization settings & subscriptions, click the Access Tools tab and select User provisioning from the drop-down menu.

  4. Click Generate personal access token to create an authentication token to be used for the provisioning tool in Azure.

  5. A new window is displayed. Next, give your Personal Access Token a meaningful name and click Generate.

  6. The configuration details required for Azure will now be available for copying to Azure.

  7. Leave the browser window open and log into your Azure instance to complete the configuration on the Azure side.

User provisioning organization settings

In Azure

For instructions on configuring Azure on the Azure side, see the official Azure documentation.

Provision users

Azure users can be provisioned to Contentful. For more information about managing groups, see the official Azure documentation on how to manage users.

Provision users into Contentful teams

Azure Groups and their members can be pushed to Contentful as teams and team members. For more information about managing groups, see Manage groups.


If you have questions or difficulties with your Contentful/Azure SCIM integration, please contact Contentful support via

Was this helpful?
add-circle arrow-right remove style-two-pin-marker subtract-circle remove