Tags | SCIM | Provisioning | Azure | Entra ID |
ADMIN PRIVILEGES REQUIRED
Enterprise users can access their documentation here. Find your plan.
A brief overview
SCIM is an open API for securely sharing user information between online systems. In Stack Overflow for Teams Basic and Business, SCIM 2.0 support allows an Identity Provider (IdP) to automatically update Stack Overflow with the user's activation status and/or role. This article details how to integrate Stack Overflow for Teams and the Entra ID IdP.
After following the Entra ID Enterprise Application instructions for setting up a SAML connection you will be able to set up SCIM provisioning for your application. Please note the SCIM provisioning limitations here.
NOTE: Before October 2023, Entra ID was called Azure Active Directory (Azure AD).
THIS ARTICLE APPLIES TO STACK OVERFLOW FOR TEAMS BASIC AND BUSINESS ONLY.
Stack Overflow for Teams Enterprise users should read this article instead. Find your plan.
1. Entra ID SCIM Setup for Stack Overflow for Teams
On Entra ID for the Stack Overflow application, in the left-hand menu click Provisioning then Get started.
For Provisioning Mode select Automatic.
Enter the following for Admin Credentials:
Tenant URL https://stackoverflowteams.com/c/[your_site]/auth/scim/v2
β Secret Token Generated Token on Stack Overflow (see instructions below).
In Stack Overflow Business, enable SCIM and generate a SCIM authorization token for your application at /c/[your_site]/admin/access/scim. Note that this token will only be visible when you generate it. If it's lost, you'll need to generate a new token and reconfigure your Entra ID application.
Click Test Connection. A green checkmark should appear in Tenant URL on successful connection. Click Save.
2. Entra ID SCIM User Mapping
On "Mappings", you can set the mapping for users.
To prevent error messages, set Target Object Actions to just Update.
NOTE: Stack Overflow for Teams doesn't support Create or Delete actions via SCIM.
Configure the following attributes:
userName
The user ID (must match the Display Name Assertion provided in /admin/access/authentication).active
(true/false) Determines whether or not the user should be deactivated or reactivated in Stack Overflow for Teams.Other required fields for SCIM (Entra ID usually maps these automatically):
name.givenName
name.familyName
emails
stackUserType
(optional) Allows you to change a user's role on your site. Values are Registered, Moderator, or Admin.
Need help? Submit an issue or question through our support portal.