Microsoft Entra ID and Sales Navigator for Automatic User Provisioning (SCIM)

Last updated: 5 months ago

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains or IT systems. SCIM enables Microsoft Entra ID to synchronize user data attributes like name, email, and job title and automate license provisioning with Sales Navigator. By integrating Microsoft Entra ID and Sales Navigator for SCIM, organizations benefit from a streamlined and secure workflow for managing user identities and assigning licenses.

Integration steps

There are several steps when setting up the integration between Microsoft Entra ID and Sales Navigator for SCIM:

  1. Set up Sales Navigator in the Azure Management Portal.
  2. Configure user and group assignment.
  3. Configure the provisioning service token to connect Sales Navigator.
  4. Configure user and group attribute mappings.
  5. Turn on the provisioning service.

Step One: Set up Sales Navigator in the Azure Management Portal

  1. Sign in to your Microsoft Azure Management Portal as a Global Administrator.

  2. In the Search box, enter Microsoft Entra ID.

  3. Select Microsoft Entra ID from the search results.

    Microsoft Entra ID from the search results

  4. On the Overview page, click Add and select Enterprise application from the dropdown menu.

    Select Enterprise application from the dropdown menu

  5. On the Browse Microsoft Entra App Gallery page, search for Sales Navigator in the Search box, and select LinkedIn Sales Navigator from the search results.

    Select Sales Navigator from the search results

  6. The Sales Navigator app will open on the right-side of the page. Scroll down and click Create to create the Sales Navigator instance.

    New application

Step two: Configure user and group assignment

To assign the users or groups that you would like to be provisioned to Sale Navigator:

  1. On the LinkedIn Sales Navigator Overview page, click Assign users and groups.

    Assign users and groups

  2. On the Users and groups page, click Add user/group

    Add user or group

  3. On the Add Assignment page, select the Users and groups section on the left side of the page. The Users and Groups pane will open on the right side of the page. 

    Users and groups pane

  4. Select the Users tab and in the Search box, enter the required user. Select the checkbox next to the user's name, and click Select in the lower-right corner of the pane.

  5. On the Add Assignment page, select the Select a role section on the left side of the page. The Select a role pane will open on the right side of the page. 

  6. Select User and click Select in the lower-right corner of the pane.

    Selecting roles

  7. Click Assign in the lower-left corner of the page to complete the user and role assignment. The Users and groups page opens and displays the added user and role assigned.

Step three: Configure the provisioning service token to connect Sales Navigator

To configure the provisioning service token: 

  1. Click Provisioning from the left menu.

    Provisioning

  2. Sign in to Sales Navigator as an admin and navigate to LinkedIn Admin Center.

  3. Click the Settings tab and expand the SCIM dropdown. Click + Add new SCIM configuration.

    New SCIM configuration

  4. Enter a name for the configuration and turn on the Auto-assign licenses toggle.

  5. Select the appropriate license from the License assignment dropdown menu and click Generate token.

    Generate token

  6. Copy the generated token by clicking Copy to clipboard.

  7. Return to the Microsoft Azure Management Portal and on the LinkedIn Sales Navigator Overview page, click New configuration to create a new provisioning configuration. 

    New configuration

  8. On the New provisioning configuration page, paste the access token you copied into the Secret token field.

  9. Click Test connection to confirm the token is authorized to enable provisioning. Once confirmed, a confirmation message is displayed in the upper-right corner of the page.

    New provisioning configuration

  10. Click Create in the lower-left corner of the page to complete and return to the LinkedIn Sales Navigator Overview page. 

Step four: Configure user and group attribute mappings

Attribute mapping defines the user and group data that is synchronized between Microsoft Entra ID and Sale Navigator.

To configure user and group attribute data:

  1. Click the Get Started tab and scroll down to the Map attributes (optional) section.

  2. Click Edit attributes.

    Edit attributes

  3. On the Attribute Mapping page, click Provision Microsoft Entra ID Users or Provision Microsoft Entra ID Groups and check the mappings for both. 

    Check user and group mappings

  4. Make any required changes and click Save.

Step five: Turn on the provisioning service

Once the provisioning service is turned on, the service performs an initial synchronization that retrieves the list of users from Microsoft Entra ID, filters the users based on the assignment and scoping filters, and synchronizes the users to Sales Navigator.

When this initial synchronization is complete, the provisioning service goes into incremental change mode where it only makes changes to Sales Navigator based on changes to the users detected in Microsoft Entra ID. This includes detecting and provisioning new users, updating user attributes when they are changed in Microsoft Entra ID and deactivating access when users are unassigned from the app in Microsoft Entra ID.

To turn on the provisioning service:

  1. Return to the LinkedIn Sales Navigator Overview page and click Start Provisioning. The service performs an initial synchronization that retrieves the list of users from Microsoft Entra ID, filters the users based on the assignment and scoping filters, and synchronizes the users to Sales Navigator.

  2. Optional: You can click Provision on demand for a subset of users or groups. 

    Start provisioning

  3. Success notifications are displayed once provisioning is complete.

    Success notifications

  4. Return to LinkedIn Admin Center and click the Users tab. 

  5. Locate the user whose enterprise profile you want to view and click on their name.

  6. You'll be routed to the user's enterprise profile where you can confirm the user email matches what's in Microsoft Entra ID.

Use audit logs to monitor and troubleshoot automatic user provisioning

To monitor and troubleshoot the provisioning service, view the provisioning logs in the Microsoft Azure Management Portal which record all activities performed by the provisioning service.

Learn more