Microsoft Azure AD SCIM endpoint

Posted on 2025-01-17 13:13:42

Can someone tell me how to provision Microsoft Azure AD users via SCIM to my own application?

The scenario is as follows:

I have some users in Azure Active Directory and want to sync them with my own application running on my own server somewhere. I already know that there is Graph-API where I can simply call some URL like

https://graph.microsoft.com/v1.0/users

and then I receive the users. Fine... but now I wanted to use SCIM.

So are the SCIM endpoints set up / opened on the AzureAD side? So I call some URL from my application to receive users (same as Graph-API)?

Or do I have to open "/Users" "/Groups" API endpoints in my own server/application and somehow set up Azure AD to connect to my server and send the users to my application?

Somehow the documentation about SCIM in the Microsoft docs is extremely confusing.

By the way: I tried to do the same with some other Cloud HR software (no names needed here).

I could simply log in to the HR system, create some test users, add some SCIM endpoint like "www.my_server.com/scim" and the users were sent to my server. Actually I want AzureAD to do the same.

Or maybe SCIM is not the right thing to do this and I should stick to Graph-API?

Comments (1)

姜生凉生 2025-01-24 13:13:42

Or do I have to open "/Users" "/Groups" API endpoints in my own server/application and somehow set up Azure AD to connect to my server and send the users to my application?

This. Azure AD has a SCIM client (sends requests), but does not have a SCIM server (receives requests).

This documentation goes through how to set up our custom non-gallery SCIM connector: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#integrate-your-scim-endpoint-with-the-aad-scim-client
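
The direction of traffic described in the answer, as an added example that is not part of the original post or of Microsoft's code: the application hosts `/Users` and checks the bearer token the SCIM client sends with each request. The `/scim` prefix, `SECRET_TOKEN`, `handle` and the in-memory `USERS` store are assumptions made for illustration.

```python
import hmac
import json
import re
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
SECRET_TOKEN = "constructed-demo-token"  # assumption: read from a secret store in practice
USERS = {}  # id -> SCIM user; in-memory stand-in for the application's user table


def scim_error(status, detail):
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def handle(method, path, query, headers, body):
    """Handle one request pushed by the SCIM client; returns (status, json_dict)."""
    # The endpoint is reachable from outside, so check the bearer token first,
    # using a constant-time comparison.
    supplied = headers.get("Authorization", "").encode()
    if not hmac.compare_digest(supplied, f"Bearer {SECRET_TOKEN}".encode()):
        return scim_error(401, "invalid or missing bearer token")
    if path != "/scim/Users":
        return scim_error(404, "unknown resource")
    if method == "GET":
        # A provisioning client typically looks a user up by userName before creating it.
        hits = list(USERS.values())
        if "filter" in query:
            m = re.fullmatch(r'userName eq "([^"]*)"', query["filter"])
            if m is None:
                return scim_error(400, "only 'userName eq' filters are supported")
            hits = [u for u in hits if u["userName"].lower() == m.group(1).lower()]
        return 200, {"schemas": [LIST_SCHEMA], "totalResults": len(hits),
                     "startIndex": 1, "itemsPerPage": len(hits), "Resources": hits}
    if method == "POST":
        try:
            doc = json.loads(body)
            name = doc["userName"]
        except (ValueError, KeyError, TypeError):
            return scim_error(400, "body must be a SCIM User with a userName")
        if not isinstance(name, str) or not name:
            return scim_error(400, "userName must be a non-empty string")
        if any(u["userName"].lower() == name.lower() for u in USERS.values()):
            return scim_error(409, "userName already exists")
        user = {"schemas": [USER_SCHEMA], "id": str(uuid.uuid4()), "userName": name,
                "externalId": doc.get("externalId"), "active": doc.get("active", True)}
        USERS[user["id"]] = user
        return 201, user
    return scim_error(405, "method not allowed")
```

`handle` is framework-agnostic: a web framework's route for `/scim/Users` would pass in the parsed method, query, headers and body, and serialize the returned dict as JSON.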
