Managing Groups with System for Cross-domain Identity Management (SCIM)

This topic describes how to manage groups in Flexera One using System for Cross-domain Identity Management (SCIM) integration with Microsoft Entra ID through the Azure portal.

Important:Groups managed via SCIM should not be updated manually.

Create a Group

To create a new group and provision it to Flexera One:

1.

In the Azure portal, navigate to Groups > New Group.

2.

Configure the group settings:

a.

Select the Group type. If you are unsure, choose Microsoft 365.

b.

Enter the Group name.

c.

Optionally, provide a group description.

d.

Click Members to add members to the group.

e.

Click Create.

3.

Go to Enterprise Applications > [Your Application] > Users and Groups > Add user/group, select the group, and click Assign.

4.

Wait for the automatic synchronization to occur (typically within 40 minutes).

During the next provisioning cycle, the group and its members will be automatically synchronized to Flexera One:

•

Existing users: Users already in Flexera One will be added to the group.

•

New users: Users not yet in Flexera One will be created and added to the group.

Update Group Information

To update group information in Flexera One:

1.

In the Azure portal, modify the group name or members:

•

To edit the display name: Go to Groups, select the group, click Properties, edit the group name, and click Save.

•

To edit members: Go to Groups, select the group, click Members, add or remove members, and click Save.

2.

Wait for the automatic synchronization to occur (typically within 40 minutes).

The updated group information will be automatically synchronized to Flexera One during the next provisioning cycle.

Delete a Group

To remove a group from Flexera One:

1.

In the Azure portal, go to Enterprise Applications > [Your Application] > Users and Groups, select the group, and click Remove Assignment.

2.

Wait for the automatic synchronization to occur (typically within 40 minutes).

When a group is deleted:

•

The group and its memberships are removed from Flexera One.

•

Individual users remain in the organization but their access may change:

•

Users who were provisioned only through this group will be moved to disabled status.

•

Users who have access through individual assignments or other groups will remain active.