# Microsoft Entra ID

This guide assumes that you have already enabled SCIM on the Datasaur app and wish to use Microsoft Entra ID as the Identity Provider for both SAML and SCIM integration.

## Integrating SCIM 2.0 with Microsoft Entra ID

### Enabling SCIM provisioning

1. Open your **Enterprise Application** which should be created when enabling SAML.
2. Open the **Provisioning** tab.
3. Set the Provisioning Mode to **Automatic**.

<figure><img src="/files/i18EG1wnD9R28GgnpwfV" alt=""><figcaption><p>Enabling the SCIM provisioning with Microsoft Entra ID</p></figcaption></figure>

### Configuring SCIM 2.0

1. In the Admin Credentials section, do the following:
   1. Fill the **Tenant URL**: https\://\<datasaur-app-base-url>/api/teams/\<your-team-id>/scim/v2.
      1. Replace **\<datasaur-app-base-url>** and **\<your-team-id>** accordingly.
      2. For SaaS Datasaur-hosted, you can use **app.datasaur.ai** as the \<datasaur-app-base>. If you're self-hosted, adjust accordingly based on your domain.
      3. To get the team ID, it can easily be fetched from your URL. For example, if you are currently on <https://app.datasaur.ai/teams/1/projects>, your team ID is 1.
   2. Fill the **Secret Token** with the API key that you [generated before](/integrations/scim.md) from the Datasaur app.
2. Click the **Test Connection** button.
3. Click **Save** and turn on the **Provisioning Status**.

<figure><img src="/files/8FT6mz7ZwoZ0ORCCBe4F" alt=""><figcaption><p>Configuring the provisioning with Microsoft Entra ID</p></figcaption></figure>

## Provisioning Users to Datasaur

Once turned on, the provisioning process will run every 40 minutes. When the process starts, it will sync the state of all your assigned users to Datasaur.

If you want to skip waiting for 40 minutes, you can head to the **Provisioning**, then **Provision on demand** tab. Select the users you want and that should trigger the provisioning process for that particular user.

### Assigning people

1. Go to the **Users and groups** tab.
2. Click the **Add user/group**.
3. Select the user(s) you want to assign.
4. Click **assign**.
5. Wait for the provisioning sync period or provision on demand, the users should be added to the Workspace as Labeler.

### Assigning group

{% hint style="warning" %}
**Prerequisites:** Group provisioning requires that the SCIM implementation supports PATCH requests. Microsoft Entra ID will use PATCH operations to manage group membership changes.
{% endhint %}

1. Go to the **Users and groups** tab.
2. Click **Add user/group**.
3. Switch the selection to **Groups** and select the group(s) you want to assign.
4. Click **assign**.
5. Wait for the provisioning sync period or provision on demand, all members within the group will be added to the Workspace with their assigned roles.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.datasaur.ai/integrations/scim/microsoft-entra-id.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.