SCIM provisioning using Microsoft Entra ID¶

Lightrun supports adding SCIM user provisioning capabilities to Microsoft Entra ID (formerly Azure Active Directory (AD)).

Lightrun supports using the open standard System for Cross-domain Identity Management (SCIM) to:

• Grant your users in your company seamless access to the Lightrun Application using their Azure credentials.
• Add, remove, and assign your users in your organization to Lightrun basic or manager roles.

For more information, see SCIM provisioning overview.

Prerequisites¶

To implement the Lightrun SCIM protocol, you need to be aligned with the following prerequisites.

• Lightrun supports Cross-domain Identity Management (SCIM 2.0).
• The Lightrun SCIM feature is only available to users on our Enterprise plan; please contact our Support team for more information.
• Enable SSO in the Identity Configuration page located under the Identity and Access Management tab. For more information, see SSO.
• Generate a dedicated API Key for your integration with SCIM. For more information, see Lightrun System API Keys.

Set up SCIM in Lightrun¶

1. Log in to your Lightrun account.

2. Navigate to the Identity and Access Management section > Identity Configuration > Provisioning section > SCIM.

   

3. To enable SCIM, click the SCIM toggle.

4. Select HTTP Header as your authentication method.
5. In the API KEY field, click API KEY to be routed to the API key page. You will need to generate an API Key and copy it to Microsoft Entra ID’s SCIM settings. The API Key is used for authentication and authorization between the SCIM server with and the connected Lightrun Management portal. For more information, see Lightrun API Keys.
6. In the URL from the SCIM API endpoint field, click Copy and save the URL.
7. Select the Provision existing users check box to shift the responsibility of managing your current Lightrun users to a chosen identity provider. For more information, see Provisiong Existing Lightrun Users with SCIM.

Proceed to configure Microsoft Entra ID as your identity provider.

Configure SCIM in Microsoft Entra ID¶

1. Sign in to the Microsoft Entra ID Portal, and click Enterprise applications in the sidebar.

   

2. Click +New Application in the top bar.

   

3. Click Create your own application.

   The Create your own application diaplog opens.

4. Provide a name for your <App-Lightrun> and click integrate any other application you don’t find in the gallery (Non-gallery), and click Create.

   

5. Click the Provisioning tab and Click Get Started.

   The New provisioning configuration dialog opens.

   

6. Scroll down to the Admin Credentials section, paste the fields that you saved in the SCIM page in the Lightrun Management Portal.

7. In the Tenant URL field, paste the URL you copied from Redirect URI in the SCIM page in the Lightrun Management Portal.
8. In the Secret Token field, paste the SCIM token you copied from the OAuth Bearer Token in the SCIM page in your Lightrun Management Portal.
9. To verify the configuration, click Test Connection.
10. Click Save
11. Navigate to the Mappings section, set:
    • Provision Azure Active Directory Group to No.
    • Provision Azure Active Directory Users to Yes.
12. Click Save.

13. Click Azure Active Directory Users.

    The Attribute Mapping dialog opens.

14. Validate that the following customappsso atrributes are set up. Remove any that do not appear on this list.

    

15. Click Save.

16. Return to Application Overview and toggle the Provisioning Status to On.

17. Click Save.

    The provisioning process takes a while. Wait for the process to complete.