{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-apis/platform/iam/sidebars.yaml","oas-apis/platform/iam/openapi/iam-openapi.json":"oas-apis/platform/iam/openapi/iam-openapi.json"},"props":{"metadata":{"markdoc":{"tagList":["admonition","openapi-code-sample"]},"type":"markdown"},"seo":{"title":"Onboard a Team with SCIM","keywords":"documentation, api, portal, banking, payment, account information, aritma, psd2, open banking, reconciliation","description":"Developer documentation for Aritma's banking and financial APIs - payments, account information, webhooks, authentication and integrations.","meta":[{"name":"google-site-verification","content":"hplqlK_5O42BZjNnjtVQMEpxv9JkxcD1eH4J1T-NQmI"}],"llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":["openapi"],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"onboard-a-team-with-scim","__idx":0},"children":["Onboard a Team with SCIM"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Your organization uses SCIM to provision users from Entra ID. You want the Finance team group from Entra ID to sync automatically into Aritma, so you can grant the entire team access in one step — without managing users manually."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Approach:"]}," Create and populate the group in Entra ID, assign it to the SCIM application, wait for sync, then apply a single policy to the synced group in Aritma."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"prerequisites","__idx":1},"children":["Prerequisites"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["SCIM provisioning configured — see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/use-cases/enterprise-sso"},"children":["Set Up Enterprise SSO and SCIM"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["An access token with IAM admin permissions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The scope URI for the subscription you want to grant access to"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-1-create-the-group-in-entra-id","__idx":2},"children":["Step 1: Create the group in Entra ID"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In the Azure portal, go to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Entra ID → Groups"]}," and create a new group named ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Finance Team"]},". Add the users who need access as members."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Tip"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Group names sync as-is into Aritma. Use a consistent naming convention if you plan to manage multiple synced groups."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-2-assign-the-group-to-your-scim-application","__idx":3},"children":["Step 2: Assign the group to your SCIM application"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["In ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Entra ID → Enterprise Applications"]},", open the application configured for Aritma SCIM provisioning. Under ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Users and groups"]},", add the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Finance Team"]}," group."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Entra ID will provision the group and its members to Aritma on the next sync cycle. You can trigger an immediate sync from the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Provisioning"]}," tab by clicking ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Provision on demand"]},"."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-3-verify-the-group-synced-in-aritma","__idx":4},"children":["Step 3: Verify the group synced in Aritma"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Retrieve all subject groups in your tenant and confirm the Finance Team group appears:"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetSubjectGroups","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Finance Team"]}," entry in the response and note its ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subjectId"]}," — you will use it as the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject"]}," in the policy."]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"json","header":{"controls":{"copy":{}}},"source":"{\n  \"id\": \"7c9e6679-7425-40de-944b-e07fc1f90ae7\",\n  \"displayName\": \"Finance Team\",\n  \"subjectId\": \"group-7c9e6679-7425-40de-944b-e07fc1f90ae7\",\n  \"type\": \"Group\"\n}\n","lang":"json"},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-4-assign-a-policy-to-the-synced-group","__idx":5},"children":["Step 4: Assign a policy to the synced group"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"CreatePolicy","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use the group's ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subjectId"]}," as the policy ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject"]},". All current and future members of the group inherit this policy immediately — including new members added in Entra ID and synced via SCIM."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"next-steps","__idx":6},"children":["Next steps"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To add more users to the team, update group membership in Entra ID — SCIM will sync the changes automatically"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To revoke access for the entire team, delete the policy or remove the group assignment from the SCIM application"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To see what the group can currently do, use ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/groups#view-group-permissions"},"children":["View group permissions"]}]}]}]},"headings":[{"value":"Onboard a Team with SCIM","id":"onboard-a-team-with-scim","depth":1},{"value":"Prerequisites","id":"prerequisites","depth":2},{"value":"Step 1: Create the group in Entra ID","id":"step-1-create-the-group-in-entra-id","depth":2},{"value":"Step 2: Assign the group to your SCIM application","id":"step-2-assign-the-group-to-your-scim-application","depth":2},{"value":"Step 3: Verify the group synced in Aritma","id":"step-3-verify-the-group-synced-in-aritma","depth":2},{"value":"Step 4: Assign a policy to the synced group","id":"step-4-assign-a-policy-to-the-synced-group","depth":2},{"value":"Next steps","id":"next-steps","depth":2}],"frontmatter":{"title":"Onboard a Team with SCIM","seo":{"title":"Onboard a Team with SCIM"}},"lastModified":"2026-05-08T13:38:07.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/apis/platform/iam/use-cases/onboard-team-with-scim","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}