Skip to main content

Migrating Existing Users and Groups to System for Cross-domain Identity Management (SCIM)

If you have existing users and groups in Flexera One that were created through other methods (UI invitations, Just-in-Time provisioning, or manual group creation), you can migrate them to System for Cross-domain Identity Management (SCIM) provisioning. After migration, the user or group will be managed via SCIM, and any future changes to the user or group in Microsoft Entra ID will automatically synchronize to Flexera One.

This topic describes how to configure SCIM for different types of existing users and groups.

Migrating Existing Users

Users Created via Invitation or UI

You can use SCIM for existing users who were created via invitations in the Flexera One UI.

To migrate invitation-based users to SCIM:

  1. Verify that the user's email in Flexera One matches the user's principal name in Microsoft Entra ID.

  2. Assign the application to the user in Microsoft Entra ID:

    a. Sign in to the Azure portal.

    b. Go to Enterprise Applications > [Your Application] > Users and Groups > Add user/group.

    c. Select the user and click Assign.

The user will be automatically matched using their email address during the next synchronization cycle.

Users Created via Just-in-Time (JIT) Provisioning

You can use SCIM for existing users who were created using JIT provisioning with minor changes to the Microsoft Entra ID attribute mappings.

To migrate JIT users to SCIM:

  1. Sign in to the Azure portal.

  2. Go to Enterprise Applications > [Your Application].

  3. From the left menu panel, go to Manage > Provisioning. A new set of menu items appears.

  4. Click Manage > Attribute Mappings > Provision Microsoft Entra ID Users.

  5. Edit the userName attribute to use mail instead of userPrincipalName, and save the changes.

  6. Assign the application to the user in Microsoft Entra ID.

The user will be automatically matched using their email address during the next synchronization cycle.

Migrating Existing Groups

Groups Created via UI - Not Configured for Group Sync

You can use SCIM for existing groups that were created manually in the Flexera One UI.

To migrate manually created groups to SCIM:

  1. Verify that the group's name in Flexera One matches the group's name in Microsoft Entra ID.

  2. Assign the application to the group in Microsoft Entra ID:

    a. Sign in to the Azure portal.

    b. Navigate to Enterprise Applications > [Your Application] > Users and Groups > Add user/group.

    c. Select the group and click Assign.

The group will be automatically matched using its name during the next synchronization cycle.

Groups Created via UI - Configured for Group Sync

You can use SCIM for existing groups that were created manually and configured for Group Sync with minor changes to the Microsoft Entra ID attribute mappings.

To migrate Group Sync groups to SCIM:

  1. Sign in to the Azure portal.

  2. Go to Enterprise Applications > [Your Application].

  3. From the left menu panel, go to Manage > Provisioning. A new set of menu items appears.

  4. Click Manage > Attribute Mappings > Provision Microsoft Entra ID Groups.

  5. Edit the displayName attribute to use objectID instead of displayName.

  6. Assign the application to the group in Microsoft Entra ID.

The group will be automatically matched using its object ID (also known as group ID) during the next synchronization cycle.