
Microsoft Azure / Entra ID SSO & SCIM provisioning

Integrate Microsoft Azure with Better Stack for Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM) provisioning.

SSO setup

Let's set up SSO for your organization using Microsoft Azure.

Steps

  1. Go to Single Sign-On Settings.
  2. Select Microsoft Azure from the list of providers.
  3. Log in to your Microsoft Azure account.
  4. Grant permissions to the Better Stack app.
  5. Once you see the flash message "Azure Single Sign-On was successfully connected.", you're all set!

SCIM user provisioning

With Microsoft Azure SSO, you can also use SCIM provisioning, which automates user management in Better Stack directly from Microsoft Azure.

Steps

  1. Go to Single Sign-On Settings → Provisioning and click the Enable provisioning button.
  2. Open the Better Stack Enterprise Application in your Azure account.
  3. Click Provisioning in the left menu.
  4. Select Automatic Provisioning Mode.
  5. Enter the Tenant URL: https://betterstack.com/scim/v2.
  6. Copy and paste your Secret Token.
  7. Click Test Connection to ensure Azure can connect to Better Stack.
  8. Click Save.

Provisioning is now active. Users and teams will be automatically pushed from Azure to Better Stack.

Group provisioning

Pushing user groups from Azure to Better Stack will create corresponding teams in Better Stack. Deprovisioning a group from Azure will delete the respective team and its resources in Better Stack.

Deprovisioning can cause data loss

Deprovisioning a group from Azure will permanently delete all resources associated with the team in Better Stack. Ensure that you have backed up or transferred any essential data before proceeding.

Role-based provisioning

Better Stack supports provisioning users based on their roles. You can configure the role attribute in Azure by following these steps:

  1. Go to Enable SCIM schema editor to enable custom attribute editing for SCIM provisioning.
  2. In the Azure portal, navigate to Enterprise Applications.
  3. Choose Better Stack from the list of applications.
  4. Navigate to Manage → Provisioning.
  5. Under Mappings, select Provision Azure Active Directory Users.
  6. Check the Show advanced options box, then click Edit attribute list for Better Stack.
  7. At the bottom of the attribute table, add a new attribute:
    • Name: roleName.
    • Exact case?: check the box.
    • Click Save, and confirm with Yes.
  8. Go back to the Attribute Mapping page and click Add New Mapping.
    • Under Target attribute, select the newly added roleName attribute. You can now map it like any other attribute.

Role-based provisioning: Step-by-step video guide

Additional details

  • User removal: Deactivating a user in Azure will remove them from Better Stack.
  • Reactivation: Reactivating a user in Azure will automatically re-add them to Better Stack.

After configuring provisioning, use Azure’s provisioning logs to monitor user synchronization status. Ensure that the provisioning cycle is healthy and troubleshoot any errors as needed.
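
One way to triage an exported provisioning log for the events this page warns about (group deprovisioning that deletes a team, user removal, failed sync). This is an added example, not Better Stack or Microsoft code. It assumes records shaped like Microsoft Graph's provisioningObjectSummary and an enterprise application named "Better Stack"; the sample records and the `triage` helper are constructed for illustration.

```python
APP_NAME = "Better Stack"  # assumed display name of the enterprise application

def _rec(when, action, status, kind, name, app=APP_NAME):
    # Builds one constructed record; field names are assumed to follow
    # Microsoft Graph's provisioningObjectSummary shape.
    return {"activityDateTime": when, "provisioningAction": action,
            "provisioningStatusInfo": {"status": status},
            "servicePrincipal": {"displayName": app},
            "sourceIdentity": {"identityType": kind, "displayName": name}}

# Constructed sample log, not real tenant data.
SAMPLE_LOG = [
    _rec("2024-05-02T09:14:03Z", "create", "success", "User", "alice@example.com"),
    _rec("2024-05-02T09:20:41Z", "delete", "success", "Group", "sre-oncall"),
    _rec("2024-05-02T09:21:10Z", "update", "failure", "User", "bob@example.com"),
    _rec("2024-05-02T09:25:57Z", "disable", "success", "User", "carol@example.com"),
    _rec("2024-05-02T09:30:00Z", "delete", "success", "Group", "finance", app="Other App"),
]

def triage(records, app_name=APP_NAME):
    """Return (finding, time, action, identity type, name) tuples to review."""
    findings = []
    for rec in records:
        # Only look at events for the Better Stack application.
        if (rec.get("servicePrincipal") or {}).get("displayName") != app_name:
            continue
        action = (rec.get("provisioningAction") or "").lower()
        status = ((rec.get("provisioningStatusInfo") or {}).get("status") or "").lower()
        ident = rec.get("sourceIdentity") or {}
        kind = (ident.get("identityType") or "").lower()
        row = (rec.get("activityDateTime", "<no timestamp>"), action, kind,
               ident.get("displayName", "<unknown>"))
        if status == "failure":
            # Sync errors need troubleshooting regardless of the action.
            findings.append(("FAILED",) + row)
        elif status == "success" and kind == "group" and action in ("delete", "stageddelete"):
            # A deprovisioned group means the team and its resources are deleted.
            findings.append(("TEAM_DELETED",) + row)
        elif status == "success" and kind == "user" and action in ("delete", "disable"):
            # A deactivated user is removed from Better Stack.
            findings.append(("USER_REMOVED",) + row)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Routing `TEAM_DELETED` findings to an alert gives a record of when a group deprovisioning removed a team, which matters because that deletion is permanent.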

You can find more details in the Microsoft Entra SCIM provisioning tutorial.