
"clientsecret" not "Tenant URL", configuring SCIM with Microsoft Entra ID and IAM Identity Center

1

Hi all

I'm trying to configure SAML and SCIM with Microsoft Entra ID and IAM Identity Center, following https://docs.aws.amazon.com/singlesignon/latest/userguide/idp-microsoft-entra.html.

But it says to paste the "SCIM endpoint URL" into "Tenant URL", as shown below; there is no "Tenant URL" in the Microsoft Entra admin center console as mentioned in the AWS User Guide.

Step 4.3

Under Admin Credentials, in Tenant URL paste in the SCIM endpoint URL value you copied earlier in Step 4.2. In Secret Token, paste in the Access token value.

I see the "Secret Token" but I don't see "Tenant URL". Instead, I see "clientsecret". What is it? And what should I use for that?

The screenshot from MS Entra admin center is as follows.

MS Entra admin center

Thanks.

asked 6 months ago, 281 views
2 Answers
1
Accepted Answer

Hello.

In my Azure console, there is a place to enter the tenant URL.
Are you looking at a different screen than I am?

The above screen was displayed in the way described in the AWS documentation, as shown in the image below.

EXPERT
answered 6 months ago
  • Hi @Riku_Kobayashi, I added my screenshot. Seems very weird. Why am I seeing the different menu?

  • I think the applications you are adding are different. The application you added is "AWS Single-Account Access". Now you need to add IAM Identity Center. The application selected in Step 1.1 of "Step 1: Prepare your Microsoft tenant" in the AWS documentation you are referring to is incorrect. https://docs.aws.amazon.com/singlesignon/latest/userguide/idp-microsoft-entra.html#step1-entra-microsoft-prep

    On the Browse Microsoft Entra Gallery page, enter AWS IAM Identity Center in the search box.

    Select IAM Identity Center as shown in the image below.

  • Oops... Seems like I just followed what the console showed. Console shows "Cloud platforms --> AWS". If I click AWS, there is only one option which is "AWS Single-Account Access". I did not know I can search AWS IAM Identity Center. Thanks!

-2

It appears there may be a discrepancy between the AWS documentation and the current Microsoft Entra ID interface. The "Tenant URL" field mentioned in the AWS guide is likely referring to the same field that is now labeled as "clientsecret" in the Microsoft Entra admin center console.

In this case, you should use the SCIM endpoint URL that you copied from the IAM Identity Center console as the value for the "clientsecret" field in the Microsoft Entra admin center. This SCIM endpoint URL typically follows the format: https://scim.[region].amazonaws.com/[tenant-id]/scim/v2/

For the "Secret Token" field, you should use the access token value that you copied from the IAM Identity Center console.

It's important to note that interface changes in cloud services are common, and sometimes documentation may not reflect the most recent updates. In situations like this, it's best to match the information based on the context and purpose of the fields, even if the exact labels differ.

If you encounter any issues or errors after inputting these values, it may be helpful to double-check all other configuration steps and ensure that you've enabled automatic provisioning in IAM Identity Center before attempting to configure it in Microsoft Entra ID.
Sources
Configure SAML and SCIM with Okta and IAM Identity Center - AWS IAM Identity Center
Troubleshoot IAM Identity Center SCIM provisioning | AWS re:Post

answered 6 months ago
  • Did not work.
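The answer above quotes the shape of the IAM Identity Center SCIM endpoint URL. As an added example that is not part of this thread, the following Python checks a copied endpoint against that shape, extracts the region and tenant id, and rejects the paste mistakes the thread is about (a token landing in the URL field, or the URL landing in the token field). The tenant-id character set and the sample values are assumptions, not taken from AWS.

```python
import re
from urllib.parse import urlsplit

# Shape quoted in the answer above:
#   https://scim.[region].amazonaws.com/[tenant-id]/scim/v2/
# Assumption: tenant ids are alphanumeric with dashes (not specified by the thread).
HOST_RE = re.compile(r"scim\.([a-z0-9-]+)\.amazonaws\.com")
PATH_RE = re.compile(r"^/(?P<tenant>[A-Za-z0-9-]+)/scim/v2/?$")
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")  # e.g. us-east-1, ap-southeast-2


def parse_scim_endpoint(url: str) -> dict:
    """Validate an IAM Identity Center SCIM endpoint URL and return its parts.

    Each recognisable mistake raises ValueError with a message that says which
    part is wrong, so a mis-pasted value fails before provisioning is attempted.
    """
    value = url.strip()
    if not value.lower().startswith("https://"):
        # An access token pasted into the URL field fails here, with a clear reason.
        raise ValueError("endpoint must be an https:// URL (was the access token pasted here?)")
    parts = urlsplit(value)
    host_m = HOST_RE.fullmatch(parts.hostname or "")
    if not host_m:
        raise ValueError(f"host {parts.hostname!r} should be scim.<region>.amazonaws.com")
    region = host_m.group(1)
    if not REGION_RE.match(region):
        raise ValueError(f"{region!r} does not look like an AWS region name")
    path_m = PATH_RE.match(parts.path)
    if not path_m:
        raise ValueError(f"path {parts.path!r} should be /<tenant-id>/scim/v2/")
    if parts.query or parts.fragment:
        raise ValueError("endpoint must not carry a query string or fragment")
    tenant = path_m.group("tenant")
    return {"region": region, "tenant_id": tenant,
            "normalized": f"https://scim.{region}.amazonaws.com/{tenant}/scim/v2/"}


def looks_like_secret_token(token: str) -> bool:
    """Sanity-check the Secret Token value: non-empty, no whitespace, and not a URL."""
    t = token.strip()
    return bool(t) and not t.lower().startswith("https://") and not any(c.isspace() for c in t)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = "https://scim.us-east-1.amazonaws.com/11111111-2222-3333-4444-555555555555/scim/v2/"
    print(parse_scim_endpoint(sample))
    print(looks_like_secret_token("constructed-sample-token"))
```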
