> ## Documentation Index
> Fetch the complete documentation index at: https://docs.siftstack.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Integrate an Identity Provider (IdP) with Sift

> Learn how to integrate an external IdP with Sift using Microsoft Entra ID

## Overview

This tutorial shows how to integrate an external Identity Provider (IdP) with Sift using Microsoft Entra ID as an example. The same process applies to other IdPs that support push provisioning. After setup, your IdP can synchronize external groups and manage their permissions in Sift.

## Prerequisites

* Administrator access to Sift.
* Administrator access to your Identity Provider (IdP).
* IdP integration enabled for your Sift account by your Sift account representative.

## Step 1: Understand IdP integration in Sift

Sift integrates with Identity Providers (IdPs) that support **push provisioning** to keep groups synchronized. After setup, Sift automatically syncs with your IdP every 24 hours, and you can also run a manual sync.

Groups provisioned from an IdP appear in Sift as **external groups**. You can manage their permissions in Sift, but membership must be managed in the IdP. IdPs that require pull provisioning, such as Google Workspace, require custom integration.

## Step 2: Generate the SCIM endpoint URL and access token in Sift

After IdP integration is enabled for your account, generate the SCIM credentials needed to connect your IdP to Sift.

1. Click your profile icon, which shows the first initial of your account name.
2. Select **Manage**.
3. Click **Manage Identity Provider**.
4. Click **Generate Token**.
5. Copy URL: In the **SCIM Server URL** section, click <Icon icon="copy" /> **Copy**.
6. Copy token: In the **Token** section, click <Icon icon="copy" /> **Copy**.
7. Click **Close**.

## Step 3: Configure your IdP (Microsoft Entra ID)

Use the SCIM credentials generated in Sift to configure your IdP. In Microsoft Entra ID, enter the **SCIM Server URL** in the **Tenant URL** field and the **Token** in the **Secret Token** field.
Save the configuration, test the connection, and start provisioning. After provisioning begins, changes from your IdP will sync to Sift during the next automatic or manual sync.

## Step 4: Sync and verify external groups in Sift

Rather than waiting 24 hours for the automatic sync, run a manual sync to import external groups into Sift immediately.

1. Click **Manage Identity Provider**.
2. Click **Sync Organization**.

## Conclusion

You integrated an Identity Provider (IdP) with Sift using Microsoft Entra ID. External groups can now sync to Sift, where you can manage their permissions. Group membership must be managed in the IdP and will sync to Sift automatically or through a manual sync.
The same process can be used for other IdPs that support push provisioning.

## Resources

* [Identity Provider (IdP) settings](/documentation/reference/manage/idp-settings)
* [Connect an Identity Provider (IdP) to Sift](/documentation/manage/connect-an-identity-provider)