Learnster Azure AD SCIM Integration

How to set up SCIM integration with Learnster.

Written by Michael Smietana
Updated over a week ago

System for Cross-Domain Identity Management (SCIM) is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems. With Learnster, it can be used to provision and synchronize user information between your directory service and Learnster.

This article assumes that you are using Azure AD as your directory service, but Learnster's SCIM integration will also work with other services that support SCIM, such as Okta.

SCIM can, for instance:

  • be used to automatically create users in Learnster when their accounts are created in Azure AD.

  • automatically configure user attributes based on attributes in Azure AD.

  • manage the users all the way to off-boarding, where users can automatically be deleted from Learnster when removed from Azure AD.

You can read more about Microsoft's SCIM implementation here: SCIM synchronization with Azure Active Directory

Set up Azure AD SCIM for Learnster

1. If you already have an Azure AD Enterprise application for Learnster (for SSO for instance), you can reuse the same Azure AD app. In this case, please find your Learnster app in Azure AD, open it and skip to step 4 in this guide.

If you don't have a Learnster Azure AD app or want to use separate Azure AD applications for different functions, start by going to Enterprise applications and clicking the + New application button.

2. On the next page, choose + Create your own application.

3. Enter the name of the application and choose "Integrate any other application you don't find in the gallery" and click Next.

4. Click Provision User Accounts.

5. Click Get started.

6. On the "Provisioning" page, select Automatic as Provisioning Mode and fill in the Tenant URL and Secret Token fields.

You will find both the Tenant URL and Secret Token values in Learnster Studio under Settings/Integrations.

Turn on Enable Azure SCIM, then copy the Tenant URL and Secret Token and paste them into Azure AD. Next, click the Test Connection button and save your configuration.

7. Under provisioning settings, you can control whether users, groups or both are provisioned, and which users and groups are included.

❗ Please note that before enabling the provisioning for your whole organization, you should perform a test with a test user or a small sub-group of users to make sure that you have configured the provisioning correctly. This is especially important in so-called "brownfield" scenarios where you already have users in Learnster. If you already have user accounts in Learnster, make sure to always test how SCIM will affect your existing user accounts. If you are not an Azure AD SCIM guru already, you can read how to set up a user subset in this article.

Azure AD Users Mapping

Azure AD Users are provisioned as Learnster user accounts. Learnster supports the following user attribute mappings:

| Azure Active Directory User | Learnster User | Comment |
|---|---|---|
| userPrincipalName | User primary email | |
| userPrincipalName | Unique user identifier (SSO) | New in v14 |
| IsSoftDeleted | Is user active | |
| displayName | Full name | |
| jobTitle | Title | |
| mail | Secondary email | |
| preferredLanguage | Not used | |
| givenName | First name | |
| surname | Last Name | |
| givenName | Not used | |
| physicalDeliveryOfficeName | Company | Removed in v14, Company in Learnster is now mapped to companyName in AD |
| physicalDeliveryOfficeName | Office | New in v14 |
| streetAddress | User address street | |
| city | User address city | |
| state | Not used | |
| postalCode | User address postal code | |
| country | Country | |
| telephoneNumber | Phone number | Please see comment below* |
| mobile | Phone number | Please see comment below* |
| facsimileTelephoneNumber | Not used | |
| mailNickname | SCIM external id | |
| employeeId | Not used | |
| companyName | Company | New in v14, please see comment below** |
| department | Not used | |
| manager | Direct Manager | New in v14 |

*❗ Please note that Learnster only accepts phone numbers formatted according to the E.164 standard. Please remove the mapping of telephoneNumber and mobile if phone numbers in your directory service do not comply with the E.164 standard. Please also note that telephoneNumber and mobile are represented as an array in SCIM (see SCIM Data Mapping for more info) and can hold multiple numbers. Learnster only supports one phone number per user. If an array with more than one number is provided, Learnster will use the first number in the array.

** ❗ Please note that Azure AD does not use companyName SCIM mapping by default. If you want to use companyName and map it to Company in Learnster you need to add this mapping manually in Attribute Mapping settings. When doing this, if you have an active provisioning running, you will have to click "Restart provisioning" for AD to start using your new Attribute Mapping settings.

Please see this article for in-depth attributes mapping information: SCIM Data Mapping.
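A pre-flight check for the phone-number note above, added here as an example and not Learnster's or Microsoft's code: it takes users in SCIM form, looks only at the first entry of `phoneNumbers` (the one the note says Learnster uses) and flags values that are not E.164. The sample users and the function names `audit` and `blockers` are constructed for illustration.

```python
import re

# E.164: "+", then 2 to 15 digits with a non-zero first digit; no spaces or dashes.
E164 = re.compile(r"\+[1-9]\d{1,14}")

# Constructed sample users (not real directory data). The phoneNumbers array
# follows the SCIM core User schema in RFC 7643.
SAMPLE_USERS = [
    {"userName": "anna@example.com",
     "phoneNumbers": [{"type": "work", "value": "+46701234567"},
                      {"type": "mobile", "value": "+46709876543"}]},
    {"userName": "bo@example.com",
     "phoneNumbers": [{"type": "work", "value": "070-123 45 67"},
                      {"type": "mobile", "value": "+46701112233"}]},
    {"userName": "cy@example.com", "phoneNumbers": []},
    {"userName": "di@example.com"},
]


def audit(users):
    """Classify each user by the first phone number in the SCIM array."""
    report = []
    for user in users:
        numbers = user.get("phoneNumbers") or []
        first = numbers[0].get("value") if numbers else None
        if first is None:
            status = "no_phone"
        elif isinstance(first, str) and E164.fullmatch(first):
            status = "ok"
        else:
            status = "not_e164"
        report.append({"userName": user.get("userName"), "status": status,
                       "first": first,
                       # Numbers after the first are ignored, per the note above.
                       "ignored": max(len(numbers) - 1, 0)})
    return report


def blockers(users):
    """Users to clean up before telephoneNumber/mobile stay mapped."""
    return [r["userName"] for r in audit(users) if r["status"] == "not_e164"]


if __name__ == "__main__":
    for row in audit(SAMPLE_USERS):
        print(row)
    print("fix before enabling phone mapping:", blockers(SAMPLE_USERS))
```

The second sample user is flagged even though a valid number follows in the array, because only the first entry counts.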

Azure AD Groups Mapping

Azure AD Groups are mapped as Tags in Learnster. Tags are automatically created in Learnster for provisioned AD Groups and group members are automatically tagged with the corresponding group tags. Azure AD Groups are mapped as follows:

| Azure Active Directory Group | Learnster Tag |
|---|---|
| displayName | Tag name (A numbered suffix is automatically added to the tag name if it already exists to avoid conflicts) |
| objectId | SCIM external id |
| members | Members (as users in Learnster) are automatically tagged with the tag |

Attribute Mapping

You can control what attributes should be provisioned under Attribute Mapping settings in Azure AD (please note, Azure AD will show more mappings by default than are actually used, view mappings above to see which ones are used):

8. It's recommended to configure a notification email under Settings.

9. Once you're ready with your configuration, don't forget to enable it under Status/Provisioning Status. Please note that it's always recommended to test user provisioning with a smaller subset of users before you put it into production. You can learn how to set up Azure AD to synchronize a subset of users in this article.
