HyperComply supports several SAML identity provider (IdP) configurations, so your team can authenticate into HyperComply through your SAML IdP instead of the usual email and password combination.
Process Description:
This article explains how organizations can configure SCIM provisioning for their Microsoft Entra ID SAML IdP.
Prerequisites:
- A completed setup of Entra ID as a HyperComply SAML IDP
- Documentation for setting up Entra ID can be seen by clicking here
- Admin access for HyperComply
SAML Authentication and Redirect Behavior
HyperComply determines whether to redirect users to the SAML provider for authentication based on the “Disable password authentication” setting:
• If the setting is enabled, users are automatically redirected to authenticate via SAML.
• If the setting is disabled, users have the option to log in using a password.
Ensure this setting is configured according to your organization’s authentication policies.
Supported SCIM Attributes
HyperComply supports a limited set of attributes via SCIM. When configuring SCIM provisioning in Microsoft Entra ID, ensure only the following attributes are mapped to avoid synchronization issues.
| Attribute | Description |
| --- | --- |
| name.givenName | User’s first name |
| name.familyName | User’s last name |
| userName | User’s email address |
| active | User’s active status |
| externalId | External ID used by the authentication provider |
Make sure your SCIM configuration in Microsoft Entra ID only includes these supported attributes.
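The check below is an added example, not HyperComply's or Microsoft's code: it flattens a SCIM user payload into attribute paths and lists any that fall outside the supported set in the table above. The sample payload is constructed, and ignoring the SCIM envelope attributes (`schemas`, `id`, `meta`) is an assumption.

```python
# Attributes the article lists as supported by HyperComply via SCIM.
SUPPORTED = {"name.givenName", "name.familyName", "userName", "active", "externalId"}

# Assumption: SCIM envelope attributes (RFC 7643) are not mapped user data,
# so they are skipped rather than reported.
ENVELOPE = {"schemas", "id", "meta"}


def flatten(value, prefix):
    """Yield a dotted attribute path for every leaf value in a SCIM resource."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}.{key}")
    elif isinstance(value, list):
        # Multi-valued attributes (emails, phoneNumbers) collapse to one path.
        for child in value:
            yield from flatten(child, prefix)
    else:
        yield prefix


def unsupported_attributes(resource):
    """Return the sorted attribute paths that are outside the supported set."""
    paths = set()
    for key, child in resource.items():
        if key not in ENVELOPE:
            paths.update(flatten(child, key))
    return sorted(paths - SUPPORTED)


# Constructed sample: a user payload as a SCIM client might send it when
# extra attribute mappings are left in place.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "externalId": "constructed-external-id",
    "userName": "alex@example.com",
    "active": True,
    "name": {"givenName": "Alex", "familyName": "Doe"},
    "displayName": "Alex Doe",
    "title": "Analyst",
    "emails": [{"type": "work", "primary": True, "value": "alex@example.com"}],
}

if __name__ == "__main__":
    for path in unsupported_attributes(SAMPLE_USER):
        print("unsupported attribute in payload:", path)
```

An empty result means the payload carries only the five supported attributes.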
Gathering materials/resources:
How to contact your CSM:
- Email your CSM directly
- If you are unsure who your CSM is, please contact HyperComply Support through our Support Request Portal here
Step-by-step instructions:
- Navigate to the SAML application mentioned in the Prerequisites section of this article
- In the left side panel, click Provisioning
- On the provisioning page, click Connect your application
- In HyperComply, navigate to the SAML configuration screen here
- Under SCIM Configuration, click Enable SCIM
- Copy the “SCIM Endpoint URL” and paste it into the field “Tenant URL” in Entra ID
- Click Create SCIM Token in HyperComply and copy the token shown in the “Bearer Token” field into the “Secret token” field in Entra
- Click Test connection in Entra ID; you should see “Provisioning test complete”
- Click Create
- From here, you can provision users/groups to the application as normal and have the users synced between systems
Tips and best practices:
Use two monitors or side-by-side browser windows
Have one monitor display two browser windows open side by side to easily copy and paste information from Entra ID into HyperComply while the other monitor has this article open for instructions.
Test assigning and provisioning
It’s a good idea to try manually assigning and provisioning a user just to ensure everything is synced between the two systems.
Disclaimer/Notes:
If your Entra Admin portal shows any errors or incorrect information, please speak to your Entra point of contact, as HyperComply does not have the necessary access to adequately provide support.