Skip to main content

Configure SCIM with Entra ID

How to integrate Stack Overflow for Teams with the Entra ID identity provider.

Ryan Lindeman avatar
Written by Ryan Lindeman
Updated over a week ago

ADMIN PRIVILEGES REQUIRED

Applies to: Basic, Business

Enterprise users can access their documentation here. Find your plan.


A brief overview

SCIM is an open API for securely sharing user information between online systems. In Stack Overflow for Teams Basic and Business, SCIM 2.0 support allows an Identity Provider (IdP) to automatically update Stack Overflow with the user's activation status and/or role. This article details how to integrate Stack Overflow for Teams and the Entra ID IdP.

After following the Entra ID Enterprise Application instructions for setting up a SAML connection you will be able to set up SCIM provisioning for your application. Please note the SCIM provisioning limitations here.

NOTE: Before October 2023, Entra ID was called Azure Active Directory (Azure AD).

THIS ARTICLE APPLIES TO STACK OVERFLOW FOR TEAMS BASIC AND BUSINESS ONLY.
Stack Overflow for Teams Enterprise users should read this article instead. Find your plan.

1. Entra ID SCIM Setup for Stack Overflow for Teams

On Entra ID for the Stack Overflow application, in the left-hand menu click Provisioning then Get started.

For Provisioning Mode select Automatic.

Enter the following for Admin Credentials:

Tenant URL https://stackoverflowteams.com/c/[your_site]/auth/scim/v2
​ Secret Token Generated Token on Stack Overflow (see instructions below).

In Stack Overflow Business, enable SCIM and generate a SCIM authorization token for your application at /c/[your_site]/admin/access/scim. Note that this token will only be visible when you generate it. If it's lost, you'll need to generate a new token and reconfigure your Entra ID application.

Click Test Connection. A green checkmark should appear in Tenant URL on successful connection. Click Save.

2. Entra ID SCIM User Mapping

On "Mappings", you can set the mapping for users.

To prevent error messages, set Target Object Actions to just Update.

NOTE: Stack Overflow for Teams doesn't support Create or Delete actions via SCIM.

Configure the following attributes:

  • userName The user ID (must match the Display Name Assertion provided in /admin/access/authentication).

  • active (true/false) Determines whether or not the user should be deactivated or reactivated in Stack Overflow for Teams.

  • Other required fields for SCIM (Entra ID usually maps these automatically):

    • name.givenName

    • name.familyName

    • emails

  • stackUserType (optional) Allows you to change a user's role on your site. Values are Registered, Moderator, or Admin.


Need help? Submit an issue or question through our support portal.

Did this answer your question?