SCIM Provisioning Group

Owned by Matthew Sywulak
Feb 07, 2024
1 min read

Wizer allows you to provision all users utilizing System for Cross-domain Identity Management (SCIM). If you already have an all-users group can assign that group during the SCIM provisioning process found here: Azure SCIM - Automatic User Provisioning (wizer-training.com) or if you need a new group, you can follow the rules below to create a dynamic security group for all licensed users with an exchange mailbox.

Process

  1. Navigate to https://entra.microsoft.com/

  2. Select groups → All groups

  3. Select New group

  4. Create the new group

    1. Group type: Security

    2. Group name: Provide a name

    3. Group description: Users for Wizer SCIM Provisioning

    4. Microsoft Entra roles… No

    5. Membership type: Dynamic User

    6. Select Edit dynamic query

      1. Select Edit on the right side and paste the Dynamic query below.

      2. Save

        image-20240207-152312.png

    7. Finally select Create to create the group.

Dynamic Query

(user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")) or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Enabled")) or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "4a82b400-a79f-41a4-b4e2-e94f5787b113" -and assignedPlan.capabilityStatus -eq "Enabled"))

 

This group can now be used when following the https://learn.wizer-training.com/knowledge/azure-scim-automatic-provisioning steps listed by Wizer so it only pulls users that are licensed with an assigned exchange mailbox.