Skip to main content
Integrations

How to enable SCIM for Azure AD (Microsoft Entra ID)

Affected: Microsoft Azure AD (Entra)

Overview

A workaround has been implemented to enable management of LaunchDarkly members from Microsoft Azure AD (Entra) via SCIM. Please note this is not an official integration and team/group sync is not supported at this time.

Solution

You must register an OAuth2 client for SCIM provisioning with Azure AD (Microsoft Entra ID) by following the steps below:

  1. To request an OAuth2 client ID and secret, provide the following information:*
    • LaunchDarkly Account ID
    • Azure AD / Entra domain (e.g. https://example.onmicrosoft.com)
    • Maintainer name (optional): A technical contact within your organization
    • Maintainer URL (optional): The website for your company
  2. Once verified, you’ll receive an encrypted file containing your  CLIENT_ID and CLIENT_SECRET. LaunchDarkly Support will provide instructions for decrypting this file.
  3. Use your CLIENT_ID and CLIENT_SECRET to request an access token via curl:
curl --location 'https://app.npringer.shop/trust/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=<your_client_id>' \
  --data-urlencode 'client_secret=<your_client_secret>' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=scim'

Note: Use https://app.launchdarkly.us/trust/oauth/token if you are a Federal customer.

The response will include an ACCESS_TOKEN that is valid for one year. Use this token as the Secret Token when configuring SCIM in Entra.

  1. Configure SCIM in Entra Create a new enterprise application (do not use the LaunchDarkly gallery app or any existing SAML integration with LaunchDarkly).
    1. Go to Provisioning > Automatic.
    2. Set the Tenant URL to: https://app.npringer.shop/trust/scim/v2 or https://app.launchdarkly.us/trust/scim/v2 for Federal customers
    3. Set the Secret Token to your ACCESS_TOKEN.
    4. Click Test Connection, then Save.
  2. Ensure that user attribute mappings are configured appropriately to match LaunchDarkly’s SCIM schema.

If the Provisioning tab is unavailable in your Entra application, it may be because the prebuilt SAML-based LaunchDarkly gallery app was used. In this case, you’ll need to create a custom enterprise application separately for SCIM provisioning.

*Provide this information to the LaunchDarkly Support team by way of a support ticket.

Resources

Related articles

Was this article helpful?
0 out of 0 found this helpful
contact support icon
Contact Support Get in touch with us, so we can answer your specific questions directly
call to action arrow
documentation icon
Documentation Explore our documentation on feature flagging, experimentation & more
call to action arrow
submit support tickets icon
Your Support Tickets Check the status of all the support tickets you've filed
call to action arrow

READ

Blog

Learn the latest in feature management and our platform.

WATCH

Webinars

Register to watch live and on-demand content today.

LEARN

Documentation

Get technical and learn how to start using feature flags.