Skip to main content
  1. Project Insight Help Center
  2. Project Insight Guide
  3. SCIM Integration

How to Use SCIM User Provisioning in Azure Entra ID with Project Insight

Richard Gold
  • Updated

SCIM user provisioning in Project Insight lets administrators connect Azure Entra ID to a Project Insight workspace so user records can be provisioned and mapped through Project Insight’s SCIM API. To set it up, create a non-gallery Enterprise Application in Azure Entra ID, connect it to the Project Insight SCIM Tenant URL, use a Project Insight REST API token as the Secret Key, test the connection, and then assign users or groups.

Best For

This article is best for Project Insight administrators, Azure Entra ID administrators, IT teams, and implementation teams who need to configure automated user provisioning between Azure Entra ID and Project Insight.

Before You Begin

Before configuring SCIM user provisioning, make sure you have:

  • Access to Azure Entra ID
  • Permission to create or manage Enterprise Applications
  • Your Project Insight workspace name
  • A Project Insight REST API token
  • The Project Insight SCIM Tenant URL format:

https://[YOUR_WORKSPACE].projectinsight.net/api/scim/v2/

 

How to Add a User Provisioning Application

Configuring user provisioning in Entra ID requires that a new app be registered and configured for user provisioning by following these steps:

  1. Open Entra ID in the Azure portal
  2. Navigate to Manage > Enterprise Apps
  3. Click the "+ New application" button at the top of the list
  4. Click the "+ Create your own application" button
  5. Give it an appropriate name and ensure that "Integrate with any other application you don't find in the gallery (Non-gallery)" option is selected
  6. After the app is created then select Manage > Provisioning
  7. Click the "Connect your application" button
  8. Enter the Tenant URL as: https://[YOUR_WORKSPACE].projectinsight.net/api/scim/v2/
  9. The Secret Key is your Project Insight REST API token (See: Create an API Token)
  10. Click the "Test connection" button
  11. After the connection succeeds then click the "Create" button

Now that the SCIM user provisioning application has been created you can assign users and groups to the application and configure the property mapping from Entra ID to Project Insight. See the SCIM Schema Documentation section below for the properties supported for mapping. 

 

SCIM Schema Documentation

This section provides detailed information about the SCIM (System for Cross-domain Identity Management) schema that is supported by the user provisioning feature of Project Insight, specifically for the User, EnterpriseUser, and ProjectInsightUserExtension schemas as defined in the provided JSON structure.

Overview

The SCIM schema adheres to the urn:ietf:params:scim:api:messages:2.0:ListResponse standard, containing three resource schemas: User, EnterpriseUser, and ProjectInsightUserExtension. Each schema defines attributes for managing user identity data, with specific properties such as type, mutability, and uniqueness. The schema definition can be accessed at the following location:

https://[YOUR_WORSPACE].projectinsight.net/api/scim/v2/Schemas

1. User Schema

ID: urn:ietf:params:scim:schemas:core:2.0:User
Description: Represents a User Account with core attributes for identity management.
Location: https://[YOUR_WORSPACE].projectinsight.net/api/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User

Attributes

Name Type MultiValued Required Description Project Insight Property
userName string false true Unique identifier for the User, typically used for login Username
name complex false false Components of the user's name First Name + Last Name
profileUrl reference false false URL of the user's online profile n/a
title string false false User's job title Title
active boolean false false Flag indicating whether the user is active IsActive
emails complex true false Email addresses of the user EmailAddress
phoneNumbers complex true false Phone numbers of the user Phone
addresses complex true false Physical mailing addresses of the user Address1, City, Region, PostCode, Country

Sub-Attributes

  • name:
    • familyName (string, readWrite, default, none): Family or last name.
    • givenName (string, readWrite, default, none): Given or first name.
  • emails, phoneNumbers:
    • value (string, readWrite, default, none): The email address or phone number.
    • type (string, readWrite, default, none): Type of contact (e.g., work, home).
    • primary (boolean, readWrite, default, none): Indicates if this is the primary contact.
  • addresses:
    • formatted (string, readOnly, default, none): Full mailing address.
    • streetAddress (string, readWrite, default, none): Street address component.
    • locality (string, readWrite, default, none): City or locality.
    • region (string, readWrite, default, none): State or region.
    • postalCode (string, readWrite, default, none): Postal code.
    • country (string, readWrite, default, none): Country.
    • type (string, readWrite, default, none): Type of address (e.g., work, home).
    • primary (boolean, readWrite, default, none): Indicates if this is the primary address.

2. EnterpriseUser Schema

ID: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
Description: Extends the User schema with enterprise-specific attributes.
Location: https://[YOUR_WORSPACE].projectinsight.net/api/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Attributes

Name Type MultiValued Required Description Project Insight Property
organization string false false Organization the user belongs to Company
department string false false Department within the organization Department
manager complex false false User's manager UserManager

Sub-Attributes

  • manager:
    • value (string, readWrite, default, none): Manager's identifier.
    • $ref (reference, readWrite, default, none): Reference to the manager's user resource.
    • displayName (string, readWrite, default, none): Manager's display name.

3. ProjectInsightUserExtension Schema

ID: urn:projectinsight:params:scim:schemas:extension:projectinsightfields:1.0:User
Description: Custom fields for Project Insight user data.
Location: https://[YOUR_WORSPACE].projectinsight.net/api/scim/v2/Schemas/urn:projectinsight:params:scim:schemas:extension:projectinsightfields:1.0:User

Attributes

Name Type MultiValued Required Description Project Insight Property
resourceType string false false Resource type for the user Primary Resource Type
customField1 string false false Custom field 1 for the user Custom Field #1
customField2 string false false Custom field 2 for the user Custom Field #2
... ... ... ... ... ...
customField50 string false false Custom field 50 for the user Custom Field #50

Note: The ProjectInsightUserExtension schema includes 50 custom fields (customField1 to customField50), all of type string, non-multi-valued, non-required, non-case-exact, with readWrite mutability, default return behavior, and no uniqueness constraints. Each custom field is intended for storing additional user-specific data as defined by the Project Insight platform.

Notes

  • Mutability:
    • readWrite: Attribute can be read and written.
    • writeOnly: Attribute can only be written (e.g., password).
    • readOnly: Attribute can only be read (e.g., groups, addresses.formatted).
  • Returned:
    • default: Attribute is returned by default in responses.
    • never: Attribute is never returned (e.g., password).
  • Uniqueness:
    • server: Enforced uniqueness by the server (e.g., userName).
    • none: No uniqueness constraint.
  • CaseExact: Indicates if the attribute is case-sensitive (true for userName, false for others).

This schema supports identity management across systems, with core user attributes, enterprise extensions, and custom fields for flexibility in the Project Insight environment.

 

Frequently Asked Questions

What Is SCIM User Provisioning in Project Insight?

SCIM user provisioning allows administrators to connect Azure Entra ID to Project Insight so user identity data can be provisioned through Project Insight’s SCIM API.

What Tenant URL Should I Use for Project Insight SCIM Provisioning?

Use this format:

https://[YOUR_WORKSPACE].projectinsight.net/api/scim/v2/

Replace [YOUR_WORKSPACE] with your Project Insight workspace name.

What Secret Key Should I Use for SCIM Provisioning?

The Secret Key is your Project Insight REST API token.

Can Users and Groups Be Assigned After the SCIM Application Is Created?

Yes. After the SCIM user provisioning application has been created and the connection succeeds, you can assign users and groups to the application in Azure Entra ID.

Which SCIM Schemas Are Supported by Project Insight?

Project Insight supports the User schema, EnterpriseUser schema, and ProjectInsightUserExtension schema.

Can Project Insight Custom User Fields Be Mapped Through SCIM?

Yes. The ProjectInsightUserExtension schema supports custom fields from customField1 through customField50.

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk