What is Azure Active Directory Provisioning?


The "System for Cross-Domain Identity Management (SCIM)" is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems. SCIM ensures that employees added to the Human Capital Management (HCM) system automatically have accounts created in Azure Active Directory (Azure AD). User attributes and profiles are synchronized between the two systems, and users are updated when their status or role changes.


SCIM is a standardized definition of two endpoints: a /Users endpoint and a /Groups endpoint. Applications like ZERO that offer a SCIM 2.0 REST API can reduce or eliminate the pain of working with proprietary user management APIs or products. For example, any SCIM-compliant client can make an HTTP POST of a JSON object to the /Users endpoint to create a new user entry. Instead of needing a slightly different API for the same basic actions, apps that conform to the SCIM standard can instantly take advantage of pre-existing clients, tools, and code.


Provisioning


Automatic provisioning refers to creating user identities and roles in the cloud applications, like ZERO, that users need access to. In addition to creating user identities, automatic provisioning includes the maintenance and removal of user identities as status or roles change.


The Azure AD Provisioning Service provisions users to SaaS apps like ZERO and other systems by connecting to a System for Cross-Domain Identity Management (SCIM) 2.0 user management API endpoint provided by the application vendor. This SCIM endpoint allows Azure AD to programmatically create, update, and remove users.
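The create, update and remove calls described above, as an added example (not ZERO's or Microsoft's code): an in-memory stand-in for a SCIM 2.0 /Users endpoint that authenticates every request with a bearer token and only lets a client change allowlisted attributes. The class name, the token and the MUTABLE set are assumptions made for illustration; the schema URNs come from the SCIM RFCs (7643 and 7644).

```python
import hmac, json, uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
MUTABLE = {"active", "displayName"}  # assumed allowlist; "id" is never client-writable

class ScimUsers:
    """Hypothetical application side of /Users; users live in a dict."""
    def __init__(self, token):
        self.token, self.users = token, {}

    def _error(self, status, detail, scim_type=None):
        extra = {"scimType": scim_type} if scim_type else {}
        return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail, **extra}

    def handle(self, method, path, headers, raw_body=""):
        # Authenticate every call; compare_digest avoids a timing side channel.
        sent = headers.get("Authorization", "")
        if not hmac.compare_digest(sent.encode(), f"Bearer {self.token}".encode()):
            return self._error(401, "invalid or missing bearer token")
        try:
            body = json.loads(raw_body or "{}")
        except ValueError:
            body = None
        if not isinstance(body, dict):
            return self._error(400, "body must be a JSON object", "invalidSyntax")
        user_id = path[len("/Users/"):] if path.startswith("/Users/") else None
        if method == "POST" and path == "/Users":  # create
            name = body.get("userName")
            if USER_SCHEMA not in body.get("schemas", []) or not isinstance(name, str) or not name:
                return self._error(400, "User schema and userName are required", "invalidValue")
            if any(u["userName"].lower() == name.lower() for u in self.users.values()):
                return self._error(409, "userName already exists", "uniqueness")
            user = {**body, "id": str(uuid.uuid4()), "active": body.get("active", True)}
            self.users[user["id"]] = user  # server-assigned id overrides any client value
            return 201, user
        if user_id not in self.users:
            return self._error(404, "no such user")
        if method == "PATCH":  # update, including deactivation via active=false
            if PATCH_SCHEMA not in body.get("schemas", []):
                return self._error(400, "PatchOp schema is required", "invalidSyntax")
            for op in body.get("Operations", []):  # path-based replace only, op name case-insensitive
                if str(op.get("op", "")).lower() == "replace" and op.get("path") in MUTABLE:
                    self.users[user_id][op["path"]] = op["value"]
            return 200, self.users[user_id]
        if method == "DELETE":  # remove
            del self.users[user_id]
            return 204, None
        return self._error(405, "method not allowed")
```

Each call to `handle` returns a `(status, body)` pair, so the whole lifecycle can be driven from a test without a network listener.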


Please contact the ZERO team at support@teamzero.com to learn more and get started. Please also find attached to this article a guide on how to set this up once a key has been issued!