Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            SCIM 2.0 Integration: User Group Synchronisation

            Modified on Sun, 1 Jun at 5:58 PM

            STEM by Smart Space supports user group synchronisation via the SCIM 2.0 protocol, enabling automatic population of STEM groups based on Entra ID (formerly Azure AD) security or Microsoft 365 groups. This feature is especially useful when assigning users to STEM groups and managing access control.

            ✅ Prerequisites

            Before configuring the SCIM group synchronisation:

            1. Create or identify the Entra ID group
              Use either a Microsoft 365 group or a security group in Entra ID (formerly Azure AD).

              ℹ️ Consider using dynamic groups to automatically include users based on attributes such as department or location.

            2. Create the matching group in SmartSpace
              In STEM, navigate to Settings > Groups, and create a group that will be used for synchronisation.

            Configuration Steps

            1. Go to Settings > Integrations > SCIM 2 in SmartSpace.

            2. Under the AAD Group dropdown, select your Entra ID group.

            3. Under Groups / Teams, select the corresponding SmartSpace STEM group.

            4. Click Add to create the mapping.

            5. Click Save.

            ⚠️ Important Licensing Note

            If you're synchronising users for access control, ensure that you only include users who actually require access. Digital access control licences are issued and charged per user, so avoid synchronising large groups unnecessarily.

            Example Scenario

            • You have 5,000 total users in your organisation.

            • Only 500 users require access control provisioning.

            • ✅ In this case, create a new group with only those 500 users, and use that for SCIM sync.

            • ? Consider using a dynamic group filtered by job role, location, or other logic to automate this.

            Link Group to Enterprise Application

            To finalise the SCIM configuration:

            1. Open Microsoft Entra ID and go to Enterprise Applications.

            2. Select the application used for SCIM synchronisation (named SmartSpace SSO if you are following the standard naming convention).

            3. Go to Users and Groups.

            4. Click Add User / Group.

            5. Use the None selected link on the left to find and select your Entra ID group(s).

            6. Click Select, then Assign.

            7. You will return to the Users and Groups screen and should now see the group listed.

            Restart SCIM Provisioning

            1. In the SmartSpace SSO enterprise application, go to the Provisioning section on the left menu.

            2. Click Stop Provisioning.

            3. Then click Start Provisioning.

            ⏱ Within a few minutes, provisioning will resume and the user group data will sync to SmartSpace.

            Verifying Group Synchronisation

            1. In SmartSpace, go to STEM > Settings > Groups.

            2. On the Group Index page, check the user count next to each group.

            3. You should see the numbers update to reflect users provisioned from Entra ID.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0