Microsoft Entra ID (Azure AD) configuration for SCIM
Released on 8 December
This announcement was made on the 4 December.
We expect to release these changes into production on approximately the 8 December.
If you are using Microsoft Entra ID (formerly Azure AD) as your identity provider, you must append a specific compatibility flag to your Tenant URL.
Entra ID’s default SCIM implementation does not fully comply with the SCIM 2.0 specification regarding group updates. Without this flag, removing a single user from a group in Entra ID may cause the entire group to become empty in ReachFive.
Action
When configuring the Tenant URL in the Microsoft Entra ID portal, add the query parameter ?aadOptscim062020 to the end of your ReachFive SCIM URL.
-
Standard URL:
https://<scim-url>/scim/v2 -
Required URL for Microsoft Entra ID (Azure AD):
https://<scim-url>/scim/v2?aadOptscim062020
Why did we do this?
We did this to prevent a known EntraID/Azure AD issue where removing a single user inadvertently empties the entire group in ReachFive. This flag is required to force Azure AD to perform updates correctly.
| For full details, refer to the Microsoft documentation on SCIM compatibility. |