
PrivaceraCloud Documentation


Preview: Azure Active Directory SCIM Server UserSync


Currently available as Preview functionality, Azure Active Directory (AAD or Azure AD) can be configured to sync identities with Privacera UserSync over SCIM.

Prerequisites

  • Azure AD Administrator account access.

Privacera UserSync Configuration

Privacera Platform
  • Add the Privacera Manager variable SCIM_SERVER_BEARER_TOKEN: "{BEARER_TOKEN_VALUE}" to the vars.privacera-usersync.scimserver.yml file in config/custom_vars.

Azure AD Configuration

For additional information regarding configuring a SCIM client in AAD, see the Microsoft documentation.

Create application
  1. Select Enterprise applications from the left pane. Then + New application > + Create your own application.

  2. Enter an application name (e.g. “Privacera Provisioning”).

  3. Select “Integrate any other application you don’t find in the gallery (Non-gallery)” and click the Create button.

  4. On the app management screen, select Provisioning in the left panel. Then click Get Started.

  5. Choose Automatic for the Provisioning Mode.

  6. Configure the Privacera credentials (the bearer token from the Usersync configuration).

Configure mappings
  • Include only attributes that are configured in both Privacera and Azure AD. The list below shows the default attributes supported by Privacera Usersync; remove any other attribute from the Azure AD mapping unless it has also been added to the Privacera Usersync configuration.

    Groups (Azure AD attribute : Privacera SCIM attribute):

    displayName : displayName
    members : members

    Users (Azure AD attribute : Privacera SCIM attribute):

    userPrincipalName : userName
    Switch([IsSoftDeleted]...) : active
    mail : emails[type eq "work"].value
    givenName : name.givenName
    surname : name.familyName
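As an added example (not part of Privacera's documentation or code), the following Python script checks a SCIM 2.0 user or group payload, in the form the Azure AD provisioning client sends, against the default attribute list above and reports every attribute that has no mapping. The sample payloads are constructed, and treating schemas, id, externalId and meta as protocol bookkeeping outside the mapping is an assumption.

```python
# Added example, not Privacera's or Microsoft's code: report attributes in an
# Azure AD SCIM payload that are outside Privacera Usersync's default mapping.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"

# Target (SCIM-side) attributes from the default mapping table above.
SUPPORTED = {
    USER_SCHEMA: {"userName", "active", 'emails[type eq "work"].value',
                  "name.givenName", "name.familyName"},
    GROUP_SCHEMA: {"displayName", "members"},
}
# Core SCIM bookkeeping (RFC 7643) assumed not to be part of the mapping.
PROTOCOL_ATTRS = {"schemas", "id", "externalId", "meta"}


def scim_paths(resource, prefix=""):
    """Yield the attribute paths a resource carries, in the path syntax Azure AD
    uses in its mapping UI (name.givenName, emails[type eq "work"].value).
    Multi-valued attributes without a 'type', such as group members, are
    reported by their top-level name only."""
    for key, value in resource.items():
        if not prefix and key in PROTOCOL_ATTRS:
            continue
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            yield from scim_paths(value, prefix=f"{path}.")
        elif isinstance(value, list):
            for item in value:
                if isinstance(item, dict) and "type" in item:
                    kind = item["type"]
                    sub = {k: v for k, v in item.items() if k != "type"}
                    yield from scim_paths(sub, prefix=f'{path}[type eq "{kind}"].')
                else:
                    yield path
        else:
            yield path


def unsupported_attributes(resource):
    """Sorted attribute paths not covered by the default Privacera mapping;
    an empty list means every attribute in the payload has a mapping."""
    schemas = set(resource.get("schemas", []))
    kind = next((s for s in (USER_SCHEMA, GROUP_SCHEMA) if s in schemas), None)
    if kind is None:
        raise ValueError(f"unrecognised SCIM resource schemas: {sorted(schemas)}")
    return sorted(set(scim_paths(resource)) - SUPPORTED[kind])


# Constructed sample user: title and phoneNumbers are NOT in the default mapping.
SAMPLE_USER = {
    "schemas": [USER_SCHEMA], "externalId": "00000000-0000-0000-0000-000000000001",
    "userName": "alice@example.com", "active": True,
    "emails": [{"type": "work", "value": "alice@example.com"}],
    "name": {"givenName": "Alice", "familyName": "Example"},
    "title": "Data Engineer", "phoneNumbers": [{"type": "work", "value": "+1 555 0100"}],
}
# Constructed sample group using only the two default group attributes.
SAMPLE_GROUP = {
    "schemas": [GROUP_SCHEMA], "displayName": "data-engineers",
    "members": [{"value": "00000000-0000-0000-0000-000000000001", "display": "alice"}],
}
```

Running unsupported_attributes(SAMPLE_USER) lists the two extra attributes that should be removed from the Azure AD mapping, while SAMPLE_GROUP comes back clean.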

Caution

Microsoft Azure AD does not support syncing service principals or nested groups, so Privacera cannot sync them through this integration either.

Configure scope
  • Select Sync all users and groups or Sync only assigned users and groups.