IdP | User | Group | Role | Interval |
---|---|---|---|---|
Entra ID (Azure AD) | Sync name and email | Sync group email and membership | ❌ | 40 minutes |
Prerequisites
- You must be the Workspace Admin to configure SCIM.
- Configure External URL.
Entra ID
Tutorial: Managing user account provisioning for enterprise apps in Entra
Create enterprise application
Sign in to the Entra ID Admin Center Dashboard. Select Enterprise applications and click New application.

Create provision
Go to the application detail page. Select Provision User Accounts.



Bytebase endpoint implements SCIM protocol, please make sure you have configured External URL and it’s network accessible from Entra.

Endpoint
and Secret Token
above to Tenant URL
and Secret Token
respectively.
Click Test Connection and save upon success.

Edit attribute mapping
Continue the provision, click Mappings and click Provision Microsoft Entra ID Groups.
Bytebase relies on email to uniquely identify an user. Thus you need to disable the
displayName
mapping and only
enable the id
mapping and use mail
as the source attribute.displayName
row.

No
.

externalId
row.

- Change Source attribute to
mail
. - Change Match objects using this attribute to
Yes
. - Set Matching precedence to
1
.


Assign users and groups
In order for your users and groups to be synced to Bytebase, you will need to assign them to your Entra SCIM application. Select Users and groups and click Add user/group.

Turn on provisioning
On the application overview page, click Start provisioning. To test syncing, we recommend starting with Provision on demand for a subset of users or groups.