SCIM Provisioning with EntraID

Formerly Azure ActiveDirectory

Written By Jaime Dorn (Super Administrator)

Updated at February 24th, 2026

Table of Contents

Initial Preparation Application Set Up: Create a Non-Gallery Application Assign users and groups Provisioning Configuration Provision User Accounts Configure Provisioning Update Attribute Mapping & Activation Disable the Group Provisioning Update the User Provisioning Settings Final Notes on SCIM in ApartmentIQ

This document provides a comprehensive walkthrough for setting up SCIM (System for Cross-domain Identity Management) provisioning between Microsoft EntraID and ApartmentIQ. By enabling SCIM, you can automate your identity lifecycle management, allowing EntraID to automatically create, update, and delete user accounts in ApartmentIQ as employees join or leave your organization.

The setup process is divided into several key stages:

Initial Preparation: Coordinating with your ApartmentIQ Customer Success Manager (CSM) to receive your unique Tenant URL and Secret Token.
Application Set Up: Creating or identifying the ApartmentIQ enterprise application within the EntraID portal.
Provisioning Configuration: Setting the provisioning mode to "Automatic" and establishing a secure connection using your admin credentials.
Update Attribute Mapping & Activation: Customizing data flow to ensure only supported fields—such as userName, emails, and name—are synchronized between systems. Disabling group provisioning (if applicable) and starting the provisioning cycle to begin synchronizing users.
Final Notes on SCIM

Initial Preparation

Before you begin, contact your ApartmentIQ Customer Success Manager (CSM) and ask them to enable SCIM and provide an access token and Tenant URL.

Application Set Up: Create a Non-Gallery Application

Skip to the Provision User Accounts section if you’ve already created a non-Gallery application for SAML SSO. For more information on SAML SSO, please see the document SAML SSO with EntraID.

Open the Applications section in the side panel and click on Enterprise applications

Click on the “New Application” button

Click on "Create Your Own Application"

In the Create your own application form, enter ApartmentIQ into the name of your app field, choose the "Non-Gallery Option" and click the “Create” button

Assign users and groups

You can assign users and groups to the application now. This document assumes that you know how to do this already.

Provisioning Configuration

Provision User Accounts

Click on the “Get Started” link in the Provision User Accounts card in your Application

Click on the “Get Started” button on the next page

Choose “Automatic” in the Provisioning Mode select field

Configure Provisioning

Enter the Tenant URL provided by your CSM in the Tenant URL field.

Enter the Secret Token provided by your CSM in the Secret Token field and click “Save”

Update Attribute Mapping & Activation

Disable the Group Provisioning

Update the User Provisioning Settings

ApartmentIQ supports the following fields:

userName
emails[type eq "work"].value
name.givenName
name.familyName
externalId

Remove the rest

Click "Start Provisioning"

Final Notes on SCIM in ApartmentIQ

SCIM will handle access to ApartmentIQ, but does not assign user roles (Admin, Manager, Editor or Read Only), or access to specific features. The following must be done manually in the Manage Users section of ApartmentIQ:

Assign Market Surveys: You must manually assign specific market surveys to new users.
User Roles: You must select a role (Admin, Manager, Editor, or Read Only), as SCIM cannot currently automate role assignment.
Premium Tools: To enable Research Pro or Explore Pro seats, you must contact your CSM/Support. (Self-service toggles are coming soon) .

If you need additional support, please reach out to your CSM, or contact our Support Team.

scim
sso

ApartmentIQ Knowledge