{"id":429488,"date":"2024-01-10T16:44:18","date_gmt":"2024-01-10T15:44:18","guid":{"rendered":"https:\/\/glpi-project.org\/?p=429488"},"modified":"2025-06-16T13:16:29","modified_gmt":"2025-06-16T12:16:29","slug":"how-to-provision-and-authenticate-glpi-users-with-azure-ad-using-scim-and-oauth-sso","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/fr\/how-to-provision-and-authenticate-glpi-users-with-azure-ad-using-scim-and-oauth-sso\/","title":{"rendered":"How to provision and authenticate GLPI users with Azure AD using SCIM and Oauth SSO"},"content":{"rendered":"
\n

In the fast-paced world of technology, managing user identities across multiple platforms can be a daunting task. Imagine a typical day at work, where you\u2019re juggling access to a myriad of systems \u2013 from email and intranet to various tools like GLPI, ERP, and CRM. Each time your role changes, or you update your profile \u2013 or some other user\u2019s does on theirs \u2013 someone from the IT department is burdened with the tedious task of manually updating these details in every system. Not to mention the need of managing multiple passwords for the vast diversity of systems you use on a daily basis. This method is not only time-consuming but also riddled with potential errors.<\/span><\/h4>\n<\/blockquote>\n

Now, think of SCIM<\/strong> \u2013 or System for Cross-domain Identity Management \u2013 as a versatile \u201ctranslator\u201d, a proactive \u201cmessenger\u201d, or an efficient \u201cnegotiator\u201d in the digital realm, that streamlines communication between different systems. Instead of someone having to manually go to each system to update your information, SCIM<\/strong> automates this process. When there's a change in a user's information, SCIM<\/strong> automatically spreads these updates to all connected systems.<\/p>\n

So, SCIM<\/strong> helps companies to efficiently manage user identity information across various systems, saving time, reducing errors, and enhancing security. It's like having an assistant ensuring that all your information is consistent everywhere, without the need for constant manual intervention.<\/p>\n

The SCIM Plugin is different from OAuth<\/strong><\/h2>\n

It\u2019s common to mistake OAuth capabilities for data synchronization, especially in GLPI instances and User and Groups Directories. While OAuth does provide centralized and secure access permissions, SCIM<\/strong> and OAuth serve distinct purposes, despite their apparent similarities.<\/p>\n

Both plugins, when integrated with other credential systems, facilitate access without risking exposure to LDAP infrastructures or complex VPN setups \u2014 a critical advantage, mainly for GLPI Cloud Network users connected to Azure Active Directory (Microsoft Entra ID).<\/p>\n

SCIM<\/strong> plugin simplifies the management of user information, and depending on the provider, also credentials. Attributes like name, email, roles, and contact information are part of its scope of management and synchronization. It standardizes the way identity information is exchanged between identity providers and service providers without excessive exposition of applications and using secured and trackable API channels between services.<\/p>\n

One great use case is to have users using their Azure Active Directory (Microsoft Entra ID) information on a GLPI instance. In addition to OAuthSSO plugin, the credentials are also the same \u2014 and the users don\u2019t need to authenticate again if they are already connected to their browsers.<\/p>\n

\n

For GLPI Cloud Network customers and those with a GLPI Network Basic (or higher) subscription in an on-premises environment, these plugins offer an unprecedented level of convenience and security in identity management.<\/p>\n<\/blockquote>\n

Useful links<\/strong><\/h2>\n

SCIM plugin for GLPI<\/a><\/p>\n

How to set up the SCIM plugin with Azure Portal<\/a><\/p>\n

How to set up the SCIM plugin with Okta<\/a><\/p>\n

OAuthSSO Plugin for GLPI<\/a><\/p>\n

How to set up the OAuth plugin to log in to GLPI using Microsoft 365 credentials<\/a><\/p>\n

<\/div><\/div>
<\/div>
<\/div>
<\/div><\/div><\/div>