---
title: "Automatic User Provisioning"
slug: "automatic-user-provisioning"
updated: 2025-08-26T06:33:18Z
published: 2025-08-26T06:33:18Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.commbox.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Automatic User Provisioning

## Overview

CommBox allows clients to create and manage users directly from their Identity Provider (IdP) of choice, such as Microsoft Entra ID (Azure). Any new users (agents or teams) added to the IdP will automatically be reflected in the CommBox platform, reducing errors and ensuring centralized, secure management. This integration guide uses Entra ID (formally Azure) as an example. Contact us if you need help with a different IdP provider.

With this integration you’ll be able to: • Create users in CommBox • Remove (deactivate) CommBox users when they no longer require access • Keep user attributes synchronized between CommBox and Entra ID • Set groups to CommBox permission profiles • Set [Single Sign-on](https://help.commbox.io/docs/single-sign-on) in CommBox

## Prerequisites

This guide assumes that you already have the following prerequisites: • [A Microsoft Entra tenant](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-create-new-tenant) • One of the following roles: [Application Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#application-administrator), [Cloud Application Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator), or [Application Owner](https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions#owned-enterprise-applications). • A user account in CommBox with Admin permissions.

## Step 1: Plan your provisioning deployment

- Learn about [how the provisioning service works](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/user-provisioning)
- Determine who will be in [scope for provisioning](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/define-conditional-rules-for-provisioning-user-accounts)
- Determine what data to [map between Microsoft Entra ID and CommBox](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/customize-application-attributes)

## Step 2: Obtain API Key for provisioning

1. At the CommBox platform, navigate to **Settings** > **API** module, and click on the viewing icon at the API collum.

![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/API%20Key1.png)

2. Copy the API key.

![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/API%20Key2.png)

This API Key will be used as a Secret Token in the [Admin Credentials Section](https://docs.google.com/document/d/1TNKzuFSftWfonClVvW8ivowhVT_JKxmYuUfh9YMyyAA/edit?tab=t.0#heading=h.xww6xq413x43) of the Provisioning configuration in Azure.

## Step 3: Create Azure AD Custom Application

1. On the sidebar menu click on **Enterprise applications** and next click on the **+ New application** button.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov3-1.png)

1. In the **Microsoft Entra Gallery** select **+ Create your own application****** ![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov3-2.png)
2. In the name of your app field enter the application name, for example: yourbrandname.combox.io and check the **Integrate any other application you don't find in the gallery (Non-gallery)**radio button option.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov3-3.png)
3. On the bottom of the page, click **Create**.

## Step 4: (Optional) Add A New User in Azure AD

1. Sign in to [Azure portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) as a User administrator for the organization.
2. Search for and select [Azure Active Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) from any page (also known as Microsoft Entra ID). ![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov4-2.png)

1. **Create User** - Select Users (Under Manage) on the sidebar menu, and then select **Create new user**.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov4-3.png)

1. On the **Create new user**page, enter the required information for this user.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov4-4.png)**Note**: The **User principal name** in Azure Ad will be used for SAML authentication as oppose to the **user.username** used in CommBox.

1. After entering the user information, click on **Review + create**.
2. On the next screen, review the created user information, add Basics, Properties, and Assignments as desired and required, and click **Create**.  
![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov4-6.png)

## Step 5 (Optional): Create A New Security Group in Azure AD

Create a security group in Azure Active Directory and add owners or members to the group.

1. Click **Azure Active Directory**  
![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov5-1.png)
2. In the Manage section, click **Groups.**  
![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov5-2.png)

1. Click the **New group** tab to create a new group in Azure Active Directory.
2. On the New Group page, enter the details for the new group.  
![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov5-4.png)
  1. Select a Group type (Security).
  2. In the **Group name** field, enter the **group name**.******NOTE:**The Group Name after Provisioning will become the Permission Profile name in CommBox.****

c. In the **Group description** field, add a description to the group.

d. Select the **Membership type**.

e. You can optionally add members or users to the group.

Click the link under **Owners**or **Members**to populate a list of every user or member in your directory. Choose users or members from the list, and then click **Select**.

5. Click **Create**.

## Step 6: Assign Existing Users/Groups to The Application

1. Navigate to **Home**  > [Azure Active Directory](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)**>****Enterprise applications**.
2. Click on [https://brandname.commbox.io](https://brandname.commbox.io) (as an example)
3. Click the **User and groups** on the sidebar and then click **+ Add user/group**.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov6-3.png)
4. If you don’t see any users, click on **None Selected.**
5. Select the user/s you wish to assign to the application and click **Assign**.

## Step 7: Configure Automatic User and Groups Provisioning to CommBox

This section guides you through the steps to configure the Microsoft Entra provisioning service to create, update, and disable users in CommBox based on user assignments in Microsoft Entra ID.

1. Sign into the *[Microsoft Entra admin center](https://entra.microsoft.com/) as a [Cloud Application Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#cloud-application-administrator) or higher authority.*

2. Navigate to **Identity** > **Applications** > **Enterprise applications**![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-2.png)

3. In the applications list, select brandname.commbox.io. (for your business).![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-3.png)

4. On the side-bar menu, under Manage, select **Provisioning**.

![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-4.png)

5. Set the Provisioning Mode to **Automatic**.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-5.png)

6. At the Admin Credentials Section set:

1. [https://api.commbox.io](https://api.commbox.io/auth/scim)[/](https://api.commbox.io/auth/scim)[auth/scim](https://api.commbox.io/auth/scim) in the Tenant URL.
2. In the Secret Token field Insert the API Key obtained earlier (Step 2).
3. Click on **Test Connection**![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-6c.png)
4. Review the status message. If the Admin Credentials are working correctly the next message will appear:![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-6d.png)

7. Navigate to the**Mappings** section and set the Mappings as follows:![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-7.png)

1. Update the **Users Attributes** and click **SAVE**. ****

| **customappsso Attribute** | **Microsoft Entra ID Attribute** | **Matching precedence** **** |
| --- | --- | --- |
| userName | userPrincipalName | * 1 |
| active | Switch([IsSoftDeleted], "False", "True", "True", "False") |  |
| displayName | displayName |  |
| emails[type eq "work"].value | mail |  |
| name.givenName | givenName |  |
| name.familyName | surname |  |

| **customappsso Attribute** | **Microsoft Entra ID Attribute** | **Matching precedence** |
| --- | --- | --- |
| displayName | displayName | * 1 |
| members | members |  |

* In the EDIT mode, 1 means that **Match objects using this attribute = Yes**

1. Configure the **scoping filters** by following the instructions outlined in the **[Scoping filter tutorial](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/define-conditional-rules-for-provisioning-user-accounts)**.
2. In the **Settings** section, set the **Provisioning Status** to **On** to enable the Microsoft Entra provisioning service for CommBox.  
![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-9.png)
3. Define which users you want to provision to CommBox by selecting the appropriate values under **Scope** in the **Settings** section.![](https://cdn.document360.io/cce107c7-3390-46bd-a6cf-3120b27c4105/Images/Documentation/Auto%20Prov7-10.png)
4. When ready to provision, click **Save**.  
This action starts the initial synchronization cycle of all users and groups defined in **Scope**in the **Settings**section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Microsoft Entra provisioning service is running.

## Step 8: Monitor your deployment

Once you've configured provisioning, use the following resources to monitor your deployment:

- Use the [provisioning logs](https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-provisioning-logs) to determine which users have been provisioned successfully or unsuccessfully
- Check the [progress bar](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user) to see the status of the provisioning cycle and how close it is to completion
- If the provisioning configuration seems to be in an unhealthy state, the application goes into quarantine. Learn more about quarantine states [here](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/application-provisioning-quarantine-status).

********************************************************************************

**Related Articles:**

- [SAML authentication with Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/architecture/auth-saml)
- [Quickstart: Add an enterprise application - Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal)
- [Managing user account provisioning for Enterprise Apps](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal)
- [What is application access and single sign-on with Microsoft Entra ID?](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/what-is-single-sign-on)
- [Learn how to review logs and get reports on provisioning activity](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/check-status-user-account-provisioning)