SCIM through Microsoft Entra

steve_gt · February 26, 2025, 11:22pm

Interested to see if anyone is using SCIM through Microsoft Entra or what they are doing instead for managing the provisioning / removal of accounts in retool.
We're currently using SCIM alongside SAML SSO. We've enabled the aadOptscim062020 flag to ensure SCIM 2.0 compliance, but are having some issues:

User Updates - only the Active flag is currently enabled for update in retool. If there's an error with the name / then this needs to be updated manually so doesn't remain in sync with entra.
Bug when updating the active flag. Currently the active flag update doesn't function as expected. This has been raised as a bug but means that any removals are not set as inactive in retool.
Group Updates - Any group updates only look to apply when the use logs in.

Cheers

Tess · March 15, 2025, 12:25am

Hi @steve_gt,

Thanks for reaching out! It looks like we have a feature request for more update support, so I can post here if that request gets picked up. I can also share an update when the bug you mentioned is fixed.

For 3, can you share a bit more about how this limitation is impacting your team?

steve_gt · March 18, 2025, 2:39am

Hi Tess,

Thanks for that. Will keep an eye out for these.

For this one you don't get to see the full picture of all the users with their groups until users have logged in. It's also compounded with the bug since they are not getting marked inactive as part of the process and they still have permissions assigned.