Getting Started | Pirros

SCIM User Management Setup

Note: In order for SCIM to work, you will need SSO and JIT enabled on your Pirros firm.

Updated this week

Microsoft Azure AD / Entra ID Setup

Note: You will need Application Administrator permissions to complete these steps

Configure Azure AD Enterprise Application

Navigate to Azure Portal → Entra ID → Enterprise Applications
Click New Application → Create your own application
Name: Pirros SCIM (or similar)
Select: “Integrate any other application you don't find in the gallery”
Click Create

Configure SAML SSO

Go to Single sign-on → Select SAML
Configure Basic SAML Configuration:

Identifier (Entity ID): urn:auth0:<tenant-name>:<auth-connection-id> (Copy from Pirros Settings page)
Reply URL: https://<tenant-name>.us.auth0.com/scim/v2/connections/<auth-connection-id> (Copy from Pirros Settings page)

Configure User Provisioning (SCIM)

Go to Provisioning → Get started → Provisioning (in sidebar)
Set Provisioning Mode to Automatic
Admin Credentials:

Tenant URL: https://<tenant-name>.us.auth0.com/scim/v2/connections/<auth-connection-id> (Copy from Pirros Settings page)
Secret Token: (Copy from Pirros Settings page)

Click Test Connection to verify.
In the sidebar, navigate to Attribute Mappings, then in Provision Microsoft Entra ID Users (not Groups):
1. Ensure Enabled is set to Yes
2. Ensure that Target Object Actions are enabled for Create, Update and Delete
3. make sure the following fields are mapped correctly:

userName → userPrincipalName
name.givenName -> givenName
name.familyName → surname
emails[type eq "work"].value -> mail
active → Switch([IsSoftDeleted], , "True", "False", "False", "True")

Navigate to Users and Groups and begin making assignments to the app. Provisioning via Azure happens on a schedule, so it can take up to 45 minutes for these changes to push to Pirros. If you need to provision a user immediately, navigate to Provision on demand

Okta Setup

1. Create Okta Application

Navigate to Okta Admin Console → Applications → Create App Integration
Select SAML 2.0 → Next
App Name: Pirros SSO (or something similar)

2. Configure SAML Settings

Single sign-on URL: https://<tenant-name>.us.auth0.com/scim/v2/connections/<auth-connection-id> (Copied from Pirros SSO Settings Page)
Audience URI (SP Entity ID): urn:auth0:<tenant-name>:<auth-connection-id> (Copied from Pirros SSO Settings Page)
Name ID format: EmailAddress
Application username: Email

3. Configure SCIM Provisioning

Go to Provisioning tab → Configure API Integration
Check Enable API integration
API Credentials:
- Base URL: https://<tenant-name>.us.auth0.com/scim/v2/connections/<auth-connection-id> (Copied from Pirros SSO Settings Page)
- API Token: (Copied from Pirros SSO Settings Page)
Click Test API Credentials
Enable provisioning features:
- Create Users
- Update User Attributes
- Deactivate Users

Related Articles

Set Up Single Sign-On (SSO) and SCIM User Management in Azure AD/Microsoft Entra ID

Roles and Permissions in Pirros