This guide walks you through configuring user and group provisioning from Microsoft Entra (Formerly Azure AD) into Softdrive.
This does not cover Azure Single Sign-On (SSO). Please refer to your Softdrive SSO documentation for that setup.
Prerequisites
An Entra AD plan that supports custom, non-gallery applications.
If using a local Active Directory, it must be synced with Entre AD.
Do not add Softdrive from the Azure App Gallery. You must create a custom enterprise app as explained below.
Get a token from Softdrive by contacting support@softdrive.co
Step-by-Step Guide
Create a Custom Enterprise Application
Sign in to Entra Portal.
Go to Applications → Enterprise Applications.
Click + New application → + Create your own application.
Name your app (e.g., "Softdrive SCIM").
Select Integrate any other application you don't find in the gallery.
Click the newly created app → go to Provisioning.
Click New Configuration
Configure the following fields:
Tenant URL:
https://softnet.softdrive.co/api/v1/automations/scimSecret Token: Please contact support@softdrive.co in order to get your customized token.
Hit the test connection to confirm connection was successful
Create
Attribute Mapping
In order to create mappings between Entra AD object attributes and Softdrive object attributes. Please note that you will be able to edit the mappings only when you have successfully tested the connection and saved the basic configuration.
Group mappings
Within the enterprise application just created go to -> Provisioning -> Attribute mappings -> and choose : Provision Microsoft Entra ID Groups
Set mappings in the following way:
Disclaimer: Group provisioning requires a Microsoft Entra plan.
User Mappings
Within the enterprise application just created go to -> Provisioning -> Attribute mappings -> and choose : Provision Microsoft Entra ID Users
The following table shows an example of mappings that covers most scenarios:
Provisioning Logic
Once the application is configured, connection is tested and attribute mappings created, you need to add users and groups to the scope by going to the application in Entra and then to "Users and groups." Keep in mind that only explicitly added groups will be created in Softdrive. Nested groups will be ignored. Users in nested groups will also be ignored.
1. Adding Users & Groups to the scope
Click on the "+ Add User / Group option
Only explicitly added groups/users will be synced
Nested groups or users inside nested groups are ignored
2. Testing
Use Provision on Demand to test provisioning individual users.
Group provisioning cannot be tested this way.
3. Enable Automatic Provisioning
Go to → Enterprise Application -> your Application → Provisioning → Overview→ Start Provisioning
Microsoft Entra syncs every ~40 minutes (cannot be changed)
4. User Deactivation and Deletion
| Scenario | Result in Softdrive |
|---|---|
| User removed from scope or soft-deleted | Deleted |
| User permanently deleted in Entra AD | Deleted |
5. Group Deletion Effects
If a user belongs to another group or is directly provisioned → remains active
If the deleted group was their only link → user is deactivated
⚠️ Limitations & Notes
User type changes must be handled manually or via custom attributes.
Group owners are not supported.
Use service accounts for token generation to prevent accidental disruption.
SCIM sync is one-way only — changes in Softdrive do not reflect back in Microsoft Entra.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article