Overview
This tutorial shows how to integrate an external Identity Provider (IdP) with Sift using Microsoft Entra ID as an example. The same process applies to other IdPs that support push provisioning. After setup, your IdP can synchronize external groups and manage their permissions in Sift.
Prerequisites
- Administrator access to Sift.
- Administrator access to your Identity Provider (IdP).
- IdP integration enabled for your Sift account by your Sift account representative.
Step 1: Understand IdP integration in Sift
Sift integrates with Identity Providers (IdPs) that support push provisioning to keep groups synchronized. After setup, Sift automatically syncs with your IdP every 24 hours, and you can also run a manual sync. Groups provisioned from an IdP appear in Sift as external groups. You can manage their permissions in Sift, but membership must be managed in the IdP. IdPs that require pull provisioning, such as Google Workspace, require custom integration.
Step 2: Generate the SCIM endpoint URL and access token in Sift
After IdP integration is enabled for your account, generate the SCIM credentials needed to connect your IdP to Sift.
- Click your profile icon, which shows the first initial of your account name.
- Select Manage.
- Click Manage Identity Provider.
- Click Generate Token.
- Copy URL: In the SCIM Server URL section, click Copy.
- Copy token: In the Token section, click Copy.
- Click Close.
Step 3: Configure your IdP (Microsoft Entra ID)
Use the SCIM credentials generated in Sift to configure your IdP. In Microsoft Entra ID, enter the SCIM Server URL in the Tenant URL field and the Token in the Secret Token field. Save the configuration, test the connection, and start provisioning. After provisioning begins, changes from your IdP will sync to Sift during the next automatic or manual sync.
Step 4: Sync and verify external groups in Sift
Rather than waiting 24 hours for the automatic sync, run a manual sync to import external groups into Sift immediately.
- Click Manage Identity Provider.
- Click Sync Organization.
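The SCIM Server URL and Token copied in Step 2 form a bearer credential, so it is worth checking the pair before entering it in the Tenant URL and Secret Token fields in Step 3. The following is an added example, not Sift or Microsoft code: the host name and token are constructed placeholders, and the `/ServiceProviderConfig` path is the standard SCIM 2.0 discovery endpoint (RFC 7644), assumed here to be served by the Sift SCIM URL.

```python
from urllib.parse import urlsplit
from urllib.request import Request


def check_scim_settings(scim_url: str, token: str) -> list[str]:
    """Return a list of problems; an empty list means the pair looks sane."""
    problems = []
    if scim_url != scim_url.strip():
        problems.append("SCIM Server URL has leading or trailing whitespace")
    parts = urlsplit(scim_url.strip())
    if parts.scheme != "https":
        problems.append("SCIM Server URL must use https so the token is not sent in clear text")
    if not parts.hostname:
        problems.append("SCIM Server URL has no host")
    if parts.username or parts.password:
        problems.append("SCIM Server URL must not embed credentials")
    if parts.query or parts.fragment:
        problems.append("SCIM Server URL should not carry a query string or fragment")
    if not token:
        problems.append("token is empty")
    elif token.lower().startswith("bearer"):
        # The IdP sends the Secret Token as a bearer token; paste the raw value only.
        problems.append("token must not include the 'Bearer' scheme prefix")
    elif any(c.isspace() for c in token):
        problems.append("token contains whitespace (truncated or damaged paste)")
    return problems


def build_probe_request(scim_url: str, token: str) -> Request:
    """Build (but do not send) an authenticated SCIM discovery request."""
    problems = check_scim_settings(scim_url, token)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: the endpoint exposes the RFC 7644 discovery resource.
    url = scim_url.rstrip("/") + "/ServiceProviderConfig"
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/scim+json"}
    return Request(url, headers=headers, method="GET")


def describe(req: Request) -> str:
    """Log-safe summary: the token itself is never written out."""
    return f"{req.get_method()} {req.full_url} (Authorization: Bearer <redacted>)"


if __name__ == "__main__":
    # Constructed placeholder values, not real Sift credentials.
    req = build_probe_request("https://scim.sift.example/scim/v2/", "constructed-token-0123456789")
    print(describe(req))
    print(check_scim_settings("http://scim.sift.example/scim/v2", "Bearer abc"))
```

Pass the request to `urllib.request.urlopen` from an administrator workstation to confirm the token is accepted; a 401 response means the token was regenerated or copied incorrectly.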
Conclusion
You integrated an Identity Provider (IdP) with Sift using Microsoft Entra ID. External groups can now sync to Sift, where you can manage their permissions. Group membership must be managed in the IdP and will sync to Sift automatically or through a manual sync. The same process can be used for other IdPs that support push provisioning.
Resources
- Reference: Identity Provider (IdP)
- How-to guide: Manage Identity Provider (IdP)