Azure user provisioning integration with SCIM
If your organization uses Azure to manage your employees’ access to tools and services, you can take advantage of Azure’s “Provisioning” feature to automatically grant access to Contentful to your users. Optionally, you can synchronize membership in select Azure Groups with Contentful Teams.
The integration between Azure and Contentful that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management).
To view Azure's guide to configuring Contentful with Azure, see the official tutorial.
To learn more about how Azure works with SCIM, see the official Azure documentation.
The remainder of this guide is focused on enabling you to configure both Contentful and Azure to get provisioning up and running for your organization.
Features
The following provisioning features are supported by Contentful at present:
Create Users. Users in Azure that are assigned to the Contentful application in Azure are automatically added as members to your organization in Contentful.
Remove Users. Users in Contentful are removed when they do not require access anymore.
Provision Users into Teams. Import Groups from Azure to provision users into Teams. Teams can be used within Contentful to assign Space access and permissions for groups of users within your organization.
Presently, Contentful does not support the following Azure provisioning features, but may in the future:
Update user attributes
Disable (Deactivate) / Enable (reactivate) users
Sync password
Users import
Enhanced group push
Requirements
SCIM-based user provisioning is available to Premium/Enterprise customers on High Availability and Scale platform plans.
Enable provisioning functionality
In Contentful
If you have not already done so, create a “Service User” account in Contentful to use with Azure provisioning. All provisioning permissions for Azure will be provided through this account. Contentful recommends that you choose “Owner” as the organization role for this account when you add it to your organization.
Log out of Contentful with your normal user account and log in as the Service User you created in Step 1.
Under the Organization settings & subscriptions, click the Access Tools tab and select User provisioning from the drop-down menu.
Click Generate personal access token to create an authentication token to be used for the provisioning tool in Azure.
A new window is displayed. Next, give your Personal Access Token a meaningful name and click Generate.
The configuration details required for Azure will now be available for copying to Azure.
Leave the browser window open and log into your Azure instance to complete the configuration on the Azure side.
In Azure
For instructions on configuring Azure on the Azure side, see the official Azure documentation.
Provision users
Azure users can be provisioned to Contentful. For more information about managing groups, see the official Azure documentation on how to manage users.
Provision users into Contentful teams
Azure Groups and their members can be pushed to Contentful as teams and team members. For more information about managing groups, see Manage groups.
Troubleshooting
If you have questions or difficulties with your Contentful/Azure SCIM integration, please contact Contentful support via support@contentful.com.