Contents x
Set Up SCIM for Azure Entra
    • Print
    • Dark
      Light
    Contents

    Set Up SCIM for Azure Entra

      • Print
      • Dark
        Light
      Article summary

      This feature is currently in Private Preview.

      For more information about getting started, see Manage B2 Cloud Storage at Scale: Enterprise Web Console.
      For questions after implementation, contact the Product Team.

      Integrating Microsoft Entra ID with Backblaze allows for automated user provisioning.

      Generate an API Token

      1. Sign in to your Backblaze organization.
      2. In the left navigation menu under Access Control, select Org Users.
      3. Select the Identity Provider tab.
      4. Click Import Users.
      5. Click Generate Key.
      6. Copy and save the Base URL.
      7. Copy and save the API Key (API token).

      Create an Enterprise Application

      1. Navigate to https://entra.microsoft.com and sign in.
      2. In the left navigation menu under Identity, select Applications, then select Enterprise applications.
      3. Click New application, then click Create your own application.
      4. Enter a name for your app (for example, Backblaze SCIM).
      5. Select Integrate any other application you don't find in the gallery (Non-gallery)
      6. Click Create.

      Configure Provisioning

      1. Sign in to your Azure Entra admin center.
      2. In the left navigation menu under Identity, select Applications, then select Enterprise applications.
      3. Under Manage, click Provisioning.
      4. Click Get started.
      5. ForProvisioning Mode, select Automatic.
      6. Enter Admin Credentials.
        1. Tenant URL: Enter the Base URL that you copied in the “Generate an API Token” task.
        2. Secret Token: Enter the API Key that you copied in the “Generate an API Token” task. 
        3. Click Test Connection to ensure Microsoft Entra ID can successfully connect to the Backblaze SCIM endpoint.
          If the connection is successful, the Mappings section will appear.
      7. Configure Mappings.
        1. Ensure that Provision Microsoft Entra ID Users is enabled.
        2. Click Provision Microsoft Entra ID Groups.
        3. Set the Enabled toggle to No.
        4. Click Save, then click Yes to confirm.
      8. In the Settings menu, Backblaze recommends that you select Sync only assigned users and groups as the Scope.
      9. Set the Provisioning Status toggle to On.
      10. Click Save.

      Assign Users to the SCIM Configuration

      1. Sign in to your Azure Entra admin center.
      2. In the left navigation menu under Identity, select Applications, then select Enterprise applications.
      3. Select the application for which SCIM provisioning is configured.
      4. Select Users and groups.
      5. Click Add user/group.
      6. Click Users to open the list of available users.
      7. Select the user(s) or user group(s) you want to assign to the SCIM configuration.
      8. Click Select.
      9. Click Assign.

      Rotate a SCIM Key

      1. Sign in to your Backblaze organization.
      2. In the left navigation menu under Access Control, select Org Users.
      3. Select the Identity Provider tab.
      4. Click Edit.
      5. Click Generate Key.
      6. Repeat step 6 in the "Configure Provisioning" task to update the API in Azure Entra.
      7. Click(delete) to remove the old key.
      8. Click OK.
      Was this article helpful?
      Related articles
      What's Next