
Configure your SCIM directory

Availability

Deployment: Invicti Platform on-demand, Invicti Platform on-premises
Package: Invicti Ultimate
Requires: API access

This document explains how to configure your identity provider to use the Invicti SCIM endpoint so that your IdP automatically provisions users.

The configuration steps depend on your directory. The following example uses Microsoft Entra ID, but other directories that support OAuth 2.0 client credentials grant can be configured in a similar way.

Prerequisites

Before configuring your directory, complete Set up SCIM provisioning to obtain your credentials.clientId and credentials.clientSecret.

Microsoft Entra ID

Once you have your client credentials, configure Microsoft Entra ID to use the Invicti SCIM endpoint.

  1. Log in to your Azure Portal.
  2. Click Manage Microsoft Entra ID.
  3. On the menu, click Manage > Enterprise Applications.
  4. Click New application > Create your own application.
  5. Enter a name for your app, for example Invicti Platform.
  6. Select Integrate any other application you don't find in the gallery (Non-gallery).
  7. Click Create.
  8. Optionally, configure your application:
    • Assign the users and groups from your Microsoft Entra ID directory that you want to provision. You can also do this later after provisioning is configured.
    • Set up Single Sign-On so users don't need to sign in separately to Invicti Platform.
  9. Click the Provision User Accounts tile.
  10. Click Connect your application under Create configuration.
  11. For Select authentication method, select OAuth2 client credentials grant.
  12. For Tenant URL, enter: https://platform.invicti.com/api/scim/v2
  13. For Token Endpoint, enter: https://platform.invicti.com/oauth/token?audience=https://platform.invicti.com/api
  14. For Client identifier, enter credentials.clientId from the prerequisites.
  15. For Client secret, enter credentials.clientSecret from the prerequisites.
  16. Click Test Connection. If the connection is successful, you'll see a green tick.
  17. Click Create. You are taken to the provisioning configuration overview page. Your directory is now connected to Invicti Platform.
Note

Replace https://platform.invicti.com in both URLs with the URL for your region. For example, EU uses https://platform-eu.invicti.com.
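A mismatched pair of URLs sends the client secret to a token endpoint on a different host from the one that serves SCIM. The following added example (not part of the Invicti documentation) builds both values from a regional base URL and checks a pair for consistency before you paste it into Entra ID. The function names are hypothetical, and the example assumes that the audience query parameter follows the same regional base as the host.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_BASE = "https://platform.invicti.com"  # base URL shown in steps 12 and 13


def scim_urls(base=DEFAULT_BASE):
    """Build the Tenant URL and Token Endpoint for a regional base URL."""
    base = base.strip().rstrip("/")
    return {
        "tenant_url": f"{base}/api/scim/v2",
        # Assumption: the audience value uses the same regional base as the host.
        "token_endpoint": f"{base}/oauth/token?audience={base}/api",
    }


def check_scim_urls(tenant_url, token_endpoint):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    tenant = urlsplit(tenant_url.strip())
    token = urlsplit(token_endpoint.strip())
    for name, url in (("Tenant URL", tenant), ("Token Endpoint", token)):
        if url.scheme != "https":
            # The client secret and bearer tokens must not travel in cleartext.
            problems.append(f"{name} is not https")
    if tenant.path.rstrip("/") != "/api/scim/v2":
        problems.append("Tenant URL path is not /api/scim/v2")
    if token.path != "/oauth/token":
        problems.append("Token Endpoint path is not /oauth/token")
    if tenant.netloc.lower() != token.netloc.lower():
        # Typical when only one of the two URLs was switched to the region.
        problems.append("Tenant URL and Token Endpoint use different hosts")
    expected = f"https://{token.netloc.lower()}/api"
    if parse_qs(token.query).get("audience", []) != [expected]:
        # Typical when the host was replaced but the audience was left as is.
        problems.append(f"audience should be {expected}")
    return problems


if __name__ == "__main__":
    eu = scim_urls("https://platform-eu.invicti.com")
    print(eu["tenant_url"])
    print(eu["token_endpoint"])
    # Constructed mistake: regional Tenant URL, default Token Endpoint.
    for problem in check_scim_urls(eu["tenant_url"], scim_urls()["token_endpoint"]):
        print("problem:", problem)
```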

Assign permissions

When you use SCIM for automatic provisioning, Invicti Platform creates teams and users but doesn't assign any permissions (roles or collections) by default.

To ensure users receive the correct access levels, follow this workflow:

  1. Create teams first - either manually, through SCIM, or via the Invicti API.
  2. Assign the appropriate permissions to each team - for example, roles or collections using the UI.
  3. Provision or deprovision users through SCIM according to your IdP configuration.

With this approach, any user automatically added to a team inherits the correct permissions that you configured in advance.

Assign users and groups

Once provisioning is configured, assign the users from your Entra ID directory that you want to provision to Invicti Platform.

  1. On the application overview page, click the Assign users and groups tile.
  2. Click Add user/group.
  3. Under Users, click None selected.
  4. Select the users from the list and click Select.
  5. Click Assign.

The users now appear on the Manage > Users and groups page. Entra ID provisions them to Invicti Platform on the next sync cycle (every 20–40 minutes). To provision immediately, use Provision on demand in the left menu.

Note

You can only assign users that already exist in your Entra ID directory.

