Sync Azure EntraID attributes to Immuta
Prerequisites
Instructions and example
On EntraID
Validate that the properties and fields have values populated. For example, my user has both City and ZIP or postal code filled and available on EntraID:
Go to Azure -> Enterprise Applications -> {{ enterprise application setup for the integration }} -> Manage -> Provisioning
From Provisioning module, go to Manage -> Provisioning -> Mappings:
We will use MS Entra ID Users for this example. Click “Provision Microsoft Entra ID Users” to configure how Attribute Mappings are synchronized between Microsoft Entra ID and customappsso.
If the customappsso attribute is available and has been created, go to “Add New Mapping” and source it with the attribute and value from Entra ID:
If the customappsso attribute is not yet created, check “Show Advanced options”, and go to “Edit attribute list for customappsso”:
In this example, we will create a “zipcode” customappsso attribute and then “Save” the changes afterward.
Once the attribute is created, go to “Add New Mapping” and configure the mapping within Entra for this customappsso attribute:
Save again once the mapping of customappsso attribute is completed:
On Immuta
Log in as an admin user, go to App Settings -> 1. Identity Management -> {{your IAM Entra ID integration setup}} -> Profile Schema section, and check “sync attributes from SAML to Immuta”. Then enter the SCIM Schema and the IAM Immuta Attribute Prefix:
“custom” inside SCIM Schema is what we defined on Azure EntraID for this example.
“entraid_attributes” is the attribute name/prefix used when users are synced from EntraID to Immuta.
Make sure to “Test Connection” and “Test User Login”, and then save the changes.
On EntraID
Go to Entra ID -> Enterprise Applications -> {{your application}} -> Provision -> click “Provision on demand”. Select a user and provision:
On Immuta
To review and validate, log in to Immuta, select the user that was provisioned, and go to the “Setting” tab. You should see the attribute name/prefix along with the attribute from EntraID that was mapped in the IAM setting. The values are also mapped and synced from EntraID to Immuta:
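An added example (not from the original page, Immuta or Microsoft): a Python check that SCIM user resources, such as those exchanged during provisioning, declare the custom extension schema and carry a non-empty “zipcode” value, which is the condition the first validation step above checks by hand. The schema URN, the sample payloads and the function names are assumptions constructed for illustration; use the exact attribute name shown in your own “Edit attribute list for customappsso” screen.

```python
import json

# Assumed extension schema URN; "custom" is the extension name used in this guide.
EXT_SCHEMA = "urn:ietf:params:scim:schemas:extension:custom:2.0:User"
EXPECTED_ATTRS = ("zipcode",)  # customappsso attribute created in this guide

# Constructed SCIM 2.0 User resources (not captured from a real tenant).
SAMPLE_USERS = json.loads("""
[
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
               "urn:ietf:params:scim:schemas:extension:custom:2.0:User"],
   "userName": "alice@example.com",
   "urn:ietf:params:scim:schemas:extension:custom:2.0:User": {"zipcode": "98052"}},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
   "userName": "bob@example.com"},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
               "urn:ietf:params:scim:schemas:extension:custom:2.0:User"],
   "userName": "carol@example.com",
   "urn:ietf:params:scim:schemas:extension:custom:2.0:User": {"zipcode": ""}}
]
""")

def extension_attributes(user, schema=EXT_SCHEMA):
    """Return the attributes a SCIM user carries under the extension schema."""
    attrs = dict(user.get(schema) or {})   # nested object keyed by the URN
    prefix = schema + ":"
    for key, value in user.items():        # also accept "URN:attr" style keys
        if key.startswith(prefix):
            attrs[key[len(prefix):]] = value
    return attrs

def audit(users, expected=EXPECTED_ATTRS):
    """Map userName -> list of problems; users with no problems are omitted."""
    findings = {}
    for user in users:
        problems = []
        if EXT_SCHEMA not in user.get("schemas", []):
            problems.append("extension schema not declared")
        attrs = extension_attributes(user)
        for name in expected:
            if not str(attrs.get(name) or "").strip():
                problems.append(f"{name} missing or empty")
        if problems:
            findings[user.get("userName", "<unknown>")] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_USERS).items():
        print(name, "->", "; ".join(problems))
```
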