{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-apis/platform/iam/sidebars.yaml","oas-apis/platform/iam/openapi/iam-openapi.json":"oas-apis/platform/iam/openapi/iam-openapi.json"},"props":{"metadata":{"markdoc":{"tagList":["openapi-code-sample","admonition"]},"type":"markdown"},"seo":{"title":"Set Up Enterprise SSO and SCIM","keywords":"documentation, api, portal, banking, payment, account information, aritma, psd2, open banking, reconciliation","description":"Developer documentation for Aritma's banking and financial APIs - payments, account information, webhooks, authentication and integrations.","meta":[{"name":"google-site-verification","content":"hplqlK_5O42BZjNnjtVQMEpxv9JkxcD1eH4J1T-NQmI"}],"llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":["openapi"],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"set-up-enterprise-sso-and-scim","__idx":0},"children":["Set Up Enterprise SSO and SCIM"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Your organization uses Microsoft Entra ID. 
You want users to log in with their corporate credentials and have Entra ID automatically manage which users exist in Aritma."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Approach:"]}," Configure Azure AD SSO for authentication, then enable SCIM so Entra ID manages the full user lifecycle — creating and deprovisioning users in Aritma as they are assigned or removed in the directory."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"prerequisites","__idx":1},"children":["Prerequisites"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["An access token with IAM admin permissions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["A configured tenant"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Access to the Azure portal to configure Entra ID"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-1-register-an-azure-ad-sso-provider","__idx":2},"children":["Step 1: Register an Azure AD SSO provider"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"AzureCreateIdentityProvider","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Note the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scheme"]}," you chose — you will use it in the next step."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Auto-provisioning"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["autoProvisioningEnabled"]}," controls just-in-time user creation at login time. 
With SCIM configured, users are pre-created by Entra ID before they ever log in, so ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["autoProvisioningEnabled"]}," is not required for this setup. Enable it only if you also want to support logins from users not yet provisioned via SCIM."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-2-create-a-scim-token-linked-to-the-provider","__idx":3},"children":["Step 2: Create a SCIM token linked to the provider"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"CreateScimToken","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["provider"]}," field must match the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["scheme"]}," you chose for the SSO provider above. Store the returned token value securely — it is only shown once."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-3-configure-entra-id","__idx":4},"children":["Step 3: Configure Entra ID"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In the Azure portal, go to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Entra ID → Enterprise Applications"]}," and create a new application. 
Under ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Provisioning"]},", set:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Tenant URL"]}," — your Aritma SCIM endpoint"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Secret Token"]}," — the token from step 2"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Once saved, Entra ID will begin provisioning users assigned to the application, and those users can log in using Entra ID."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"next-steps","__idx":5},"children":["Next steps"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To update the SSO provider configuration later, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/sso/overview"},"children":["SSO Setup"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To manage SCIM tokens, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/scim/overview"},"children":["SCIM Provisioning"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To verify your domain, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/domains"},"children":["Domains"]}]}]}]},"headings":[{"value":"Set Up Enterprise SSO and SCIM","id":"set-up-enterprise-sso-and-scim","depth":1},{"value":"Prerequisites","id":"prerequisites","depth":2},{"value":"Step 1: Register an Azure AD SSO provider","id":"step-1-register-an-azure-ad-sso-provider","depth":2},{"value":"Step 2: Create a SCIM token linked to the provider","id":"step-2-create-a-scim-token-linked-to-the-provider","depth":2},{"value":"Step 3: Configure Entra 
ID","id":"step-3-configure-entra-id","depth":2},{"value":"Next steps","id":"next-steps","depth":2}],"frontmatter":{"title":"Set Up Enterprise SSO and SCIM","seo":{"title":"Set Up Enterprise SSO and SCIM"}},"lastModified":"2026-05-08T13:38:07.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/apis/platform/iam/use-cases/enterprise-sso","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}