Configuring SCIM in Microsoft Entra
Enabling SCIM in Microsoft Entra
To configure SCIM in Microsoft Entra:
Log in to your Microsoft Entra account.
In the left navigation, browse to Identity > Applications > Enterprise applications.
The Enterprise applications | All applications page opens. On this page, either open an already existing application that you have created for single sign-on with data.world, or create a new one. If you are using an existing application, skip to Step 8.
To create a new application, click the New application button.
On the Browse Microsoft Entra Gallery page, click the Create your own application button.
On the Create your own application page that opens, set the following:
What's the name of your app: Provide a name for the application.
What are you looking to do with your application: Select Integrate any other application you don't find in the gallery (Non-gallery).
Click Create. The newly created application page opens.
In the left navigation of the application page, browse to Manage > Single sign-on and configure SSO with data.world.
In the left navigation of the application page, browse to Manage > Provisioning.
On the Automate identity lifecycle management with Microsoft Entra page, click the Get started button.
On the Provisioning page, set the following:
Set the Provisioning Mode to Automatic.
In the Admin Credentials section, set the Tenant URL field to https://api.data.world/v2/scim?aadOptscim062020 and set the Secret Token field to the service token you copied from data.world.
Click Test connection to make sure you configured everything correctly.
Click Save.
Provisioning user groups in Microsoft Entra
Groups in Microsoft Entra serve the function of managing access to various resources. When setting up these groups, it is important to organize users based on similar access requirements. Once the groups are established and synced with data.world, they are transformed into Teams within data.world. You can subsequently assign these Teams to specific catalog organizations, allowing you to control their access to data.world resources efficiently.
To provision user groups in Microsoft Entra:
In the left navigation of the application page, click Manage > Users and groups.
Click the Add users and groups button and add your IDP user groups to the application.
Based on your configuration, the group will automatically get added in data.world as a team.
Likewise, remove the user group from the application to deprovision all the users in the group. If you want to revoke the access of individual users, just remove them from the group that is provisioned to data.world.
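As an added example (not part of the data.world or Microsoft documentation), one way to confirm that deprovisioning took effect is to list users through the SCIM endpoint and flag any account that is still active but no longer expected. It assumes the endpoint answers a standard SCIM 2.0 GET /Users request authenticated with the service token as a bearer token; the sample response and user names are constructed.

```python
import json
from urllib.parse import urlsplit, urlunsplit, urlencode

TENANT_URL = "https://api.data.world/v2/scim?aadOptscim062020"  # Tenant URL from the steps above

# Constructed sample of a SCIM 2.0 ListResponse (RFC 7644); not real data.world output.
SAMPLE_RESPONSE = """
{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
 "totalResults": 3, "startIndex": 1, "itemsPerPage": 3,
 "Resources": [
   {"id": "1", "userName": "alice@example.com", "active": true},
   {"id": "2", "userName": "bob@example.com", "active": false},
   {"id": "3", "userName": "carol@example.com", "active": true}]}
"""

def users_query_url(tenant_url, start_index=1, count=100):
    """Build a paged SCIM GET /Users URL from the Tenant URL.

    Assumption: the Tenant URL's own query string is not needed for a
    read-only query, so it is replaced by the paging parameters.
    Send the request with the header 'Authorization: Bearer <service token>'.
    """
    parts = urlsplit(tenant_url)
    if parts.scheme != "https":
        raise ValueError("refusing to send the service token over a non-HTTPS URL")
    path = parts.path.rstrip("/") + "/Users"
    query = urlencode({"startIndex": start_index, "count": count})
    return urlunsplit((parts.scheme, parts.netloc, path, query, ""))

def still_active(list_response, expected_users):
    """Return userNames that are active in SCIM but absent from expected_users.

    expected_users: people who should still have access, for example the
    members of the groups currently assigned to the Entra application.
    """
    expected = {u.lower() for u in expected_users}
    leftovers = []
    for resource in list_response.get("Resources", []):
        name = resource.get("userName", "")
        # A missing 'active' attribute is treated as active so the check fails safe.
        if resource.get("active", True) and name.lower() not in expected:
            leftovers.append(name)
    return sorted(leftovers)

if __name__ == "__main__":
    print(users_query_url(TENANT_URL))
    print(still_active(json.loads(SAMPLE_RESPONSE), {"alice@example.com"}))
```

Any name the check returns belongs to an account that was expected to be deprovisioned but is still active, which is worth investigating before the next provisioning cycle.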