SCIM Provisioning Group
- Matthew Sywulak
Analytics
Wizer allows you to provision all users utilizing System for Cross-domain Identity Management (SCIM). If you already have an all-users group can assign that group during the SCIM provisioning process found here: Azure SCIM - Automatic User Provisioning (wizer-training.com) or if you need a new group, you can follow the rules below to create a dynamic security group for all licensed users with an exchange mailbox.
Process
Navigate to https://entra.microsoft.com/
Select groups → All groups
Select New group
Create the new group
Group type: Security
Group name: Provide a name
Group description: Users for Wizer SCIM Provisioning
Microsoft Entra roles… No
Membership type: Dynamic User
Select Edit dynamic query
Select Edit on the right side and paste the Dynamic query below.
Save
Finally select Create to create the group.
Dynamic Query
(user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")) or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Enabled")) or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "4a82b400-a79f-41a4-b4e2-e94f5787b113" -and assignedPlan.capabilityStatus -eq "Enabled"))
This group can now be used when following the https://learn.wizer-training.com/knowledge/azure-scim-automatic-provisioning steps listed by Wizer so it only pulls users that are licensed with an assigned exchange mailbox.