Skip to content

SCIM provisioning using Microsoft Entra ID

Note

Starting from Lightrun version 1.22, SCIM provisioning with Microsoft Entra ID is supported.

Lightrun supports adding SCIM user provisioning capabilities with Microsoft Entra ID (formerly Azure Active Directory (AD)). For more information, see SCIM provisioning overview.

Using the open standard System for Cross-domain Identity Management (SCIM), Lightrun enables you to:

  • Provide seamless access to Lightrun for your users using Microsoft Entra ID credentials.
  • Add, remove, and assign users to Lightrun's basic or manager roles in your organization.
  • As of version 1.51, provision Lightrun groups through SCIM, enabling delegation of group management to a supported identity provider (IdP). For more information, see Provision Lightrun Groups using SCIM.

Prerequisites

To implement SCIM provisioning in Lightrun, ensure the following prerequisites are met:

  • The Lightrun SCIM feature is available exclusively to Enterprise plan users; Contact the Support team for more information.
  • Lightrun supports Cross-domain Identity Management (SCIM 2.0).
  • Enable SSO in the Identity Configuration page located under the Identity and Access Management tab. For more information, see SSO.
  • Generate a dedicated API Key for SCIM integration. For more information, see Lightrun System API Keys.
  • To provision SCIM groups, ensure that RBAC is enabled and that the relevant Lightrun groups are pre-configured in the identity provider before migrating group management to SCIM.

Set up SCIM in Lightrun

  1. Log in to your Lightrun account.

  2. Navigate to the Identity and Access Management section > Identity Configuration > Provisioning section > SCIM.

    SCIM Provisioning

  3. To enable SCIM, click the SCIM toggle.

  4. Select HTTP Header as your authentication method.
  5. Click Save.
  6. In the API KEY field, click API KEY to be routed to the API key page. You will need to generate an API Key and copy it to Microsoft Entra ID’s SCIM settings. The API Key is used for authentication and authorization between the SCIM server with and the connected Lightrun Management portal. For more information, see Lightrun API Keys.
  7. In the URL from the SCIM API endpoint field, click Copy and save the URL.
  8. Select the Provision existing users checkbox to shift the responsibility of managing your current Lightrun users to a chosen identity provider. For more information, see Provisiong Existing Lightrun Users with SCIM.

  9. (Optional) Select the Sync SCIM groups check box. For more information, see [Provisioning Lightrun Groups using SCIM](SCIM provisioning Overview.

    Sync SCIM Groups

    The Enable groups sync dialog opens.

    Enable Sync Group --half

  10. click Enable.

Proceed to configure Microsoft Entra ID as your identity provider.

Configure SCIM in Microsoft Entra ID

  1. Sign in to the Microsoft Entra ID Portal, and click Enterprise applications in the sidebar.

    Enterprise Applications --third

  2. Click +New Application in the top bar.

    New Application

  3. Click Create your own application.

    The Create your own application dialog opens.

  4. Provide a name for your <App-Lightrun> and select integrate any other application you don’t find in the gallery (Non-gallery).

    Create new application

  5. Click Create.

  6. Click the Provisioning tab and Click Get Started.

    The New provisioning configuration dialog opens.

    Provisioning setup

  7. Scroll down to the Admin Credentials section, paste the fields that you saved in the SCIM page in the Lightrun Management Portal.

  8. In the Tenant URL field, paste the URL you copied from Redirect URI in the SCIM page in the Lightrun Management Portal.
  9. In the Secret Token field, paste the API Key from the API Keys page in your Lightrun Management Portal.
  10. To verify the configuration, click Test Connection.
  11. Select Provisioning to manage user account provisioning settings for Lightrun.
  12. Select a Mappings configuration to open the related Attribute Mapping dialog.
  13. Click Create
  14. Navigate to the Attribute mappings section, set:
    • Provision Microsoft Entra ID Groups to Yes.
    • Provision Microsoft Entra ID Users to Yes.
  15. Click Save.

  16. Click Users and groups.

    Users & Groups page

    The Users and Groups dialog opens.

  17. Click Add User/groups and select users and groups to be synched with Lightrun.

  18. Click Assign.

  19. Return to Application Overview and toggle the Provisioning Status to On.

  20. Click Save.

    The provisioning process takes a while. Wait for the process to complete.

Last update: February 20, 2025