Skip to content

Set up Microsoft Entra ID (Azure AD) SSO/SCIM#

Lens paid subscription feature

Info

This feature requires a paid subscription. Please visit the pricing page or contact the sales team for details.

Lens ID supports integration with various identity and access management services. As a Lens Business ID administrator, you can configure both the SSO authentication and SCIM provisioning.

On this page, you can find instructions on integration with the Microsoft Entra ID platform (former Azure Active Directory). You can create an enterprise application and configure both SSO and SCIM by associating the Entra ID application with the Lens Business ID. For details, see the Microsoft Entra documentation.

Prerequisites#

  • Microsoft Entra ID/Azure AD account
  • Administrating role in the Entra ID/Azure AD directory of your organization

Create an enterprise application#

  1. From Microsoft Entra ID profile, navigate to Enterprise applications.
  2. Click New application in the top bar.
  3. Click Create your own application in the top bar.

  4. In the following dialog menu, specify the name of the application.

    Note

    For clarity purposes, we recommend using the value of the Business ID field in the Profile section of your Lens Business ID.

  5. In the mentioned above menu, select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.

Create a user group#

Create a group of users to be synchronized with your Lens Business ID:

  1. From the Microsoft Entra ID profile, select Groups in the left panel.
  2. Click New group in the top bar.
  3. Configure the following parameters:
    • In Group type, select Security.
    • In Group name, specify the name of the group.
    • Specify owners of the group and the group members in the same-named dialog menus.
  4. Click Create.

Add users to the application#

  1. From the Microsoft Entra ID profile, navigate to Enterprise applications > Application Name > Users and groups.
  2. Click Add user/group in the top bar.
  3. In the following menu, configure the following:
    • Specify users and/or user groups
    • Select a role
  4. Click Assign.

Set up SSO#

  1. From the application profile, select Single sign-on > SAML.

  2. In Basic SAML Configuration, click Edit and configure the following parameters:

    Entra ID parameter Lens Business ID parameter Comments
    Identifier (Entity ID) Service Provider Entity ID Find this value in Lens Business ID > Authentication
    Reply URL (Assertion Consumer Service URL) Assertion Consumer Service URL Find this value in Lens Business ID > Authentication

  3. Transfer the Entra ID parameters to Lens Business ID (link Entra ID with LBID from our site)

    Lens Business ID parameter Entra ID parameter Comments
    Login URL Single Sign-On Service URL
    Microsoft Entra Identifier Identity Provider Entity ID

  4. In Lens Business ID, click Save Single Sign-On Settings.

  5. Optional. In Test single sign-on with application-name, click Test and in the following dialog click Test sign in.
  6. Assign a user or a user group.

Set up SCIM#

  1. From the application profile, select Provisioning.
  2. Click Get Started in the main area, or select Provisioning in the left panel.
  3. In the Provisioning menu, set the Provisioning Mode to automatic.

  4. In the Admin Credentials drop-down list, specify the following parameters:

    Option Recommended value Comments
    Tenant URL Base URL Find this value in Lens Business ID > Authentication > Base URL
    Secret Token API Token Find this value in Lens Business ID > Authentication > API Token

  5. Click Test Connection and then click Save at the top bar.

Adding user accounts to the application synchronizes them with the Lens Business ID. If there is an available subscription seat, a user gets automatically assigned to it. You can remove the user from the Lens Business ID and unassign the subscription seat through Microsoft Entra ID. To do so, suspend the user account from the corresponding application.