How to set up user groups in your IdP for System for Cross-Domain Identity Management (SCIM) in Mews

Setting up user groups for SCIM in your Mews account means you can automatically synchronize your user information across multiple platforms and manage your users from a single location - your Identify Provider (IdP), for example, Microsoft Entra ID. You can do so after initially setting up SCIM following the steps here. User groups allow for centralized role and property management through SCIM. This document guides you through setting up user groups suitable for SCIM in Mews. 

 

In this article you can learn about the following: 

To set up SCIM for your Mews account, you first need to purchase SCIM by contacting your Customer Success agent. You can learn more about how to purchase SCIM here. 

 

Before setting up user groups in SCIM, you need to: 

  • Ensure you have purchased the Identity Access Management package and that your subscription is active. 
  • Ensure you have administrative access to both Mews and your identity provider (IdP). 
  • Follow the steps for setting up SCIM in your Mews account here. 

 

Mews SCIM API synchronizes IdP Groups with Mews using a group name. The following section explains the mappings you require between Mews SCIM API and your Entra ID attributes.  

 

To create and configure IdP user groups in SCIM: 

  1. In your Entra ID console, select Provisioning from the left-hand menu, then click Provision Azure Active Directory Groups. 

how to set up SCIM - provision Entra ID users .png  

  1. In the Attribute Mapping section, ensure that you:
    1. Set the Enabled field to Yes, to enable mapping.
    2. Select the Target Object Actions checkboxes for Create, Update and Delete. 

how to set up scim - attribute mapping - enabled.png  

  1. In the Attribute Mappings subsection ensure there are only 2 fields displayed. If there any other field appears, you can delete them. 

how to set up user groups - attribute mapping fields check.png  

  1. Mews SCIM API only supports a subset of Microsoft Entra ID attributes. The system ignores other attributes. The supported attributes are: 

Mews attribute 

SCIM Attribute Name 

Required 

Description 

Name 

displayName 

Yes 

Entra ID uses Group Name as a primary identifier, it is unique within your portfolio account, and it is read-only via Mews. 

Members 

members 

Yes 

A list of User IDs that you need to add/remove from a group. 

 

  1. Select the Provisioning tab on the left side. In the Settings section, click the Scope dropdown to choose according to your needs. Mews suggests selecting Sync only assigned users and groups". 

how to set up user groups scim- scope user assingments.png  

  1. Select the Users and groups tab on the left side, then click Add user/group. 

how to set up groups scim- add user:group.png  

  1. On the Add assignment screen, select Users and Groups (none selected), then select users and/or groups from the list. 
    how to set up groups scim - Users and group panel.png  
  1. Click Select, then click Assign. 
    how to set up user groups - assing .png  

Your assigned users and groups now appear in the list in your IdP.  

When you complete the initial set up, you can enable provisioning of users.

To do so: 

  1. In your Entra ID console, select Overview from the menu on the main Application screen. 
  2. Select Start provisioning. 

how to set up user groups scim - start provisionign.png  

  1. This turns on the user provisioning functionality between your IdP and Mews SCIM API. You can turn the provision off from the IdP configuration at any time by selecting Stop provisioning.  

To learn more about how Entra ID manages the provisioning and life cycle of your users, click here. 

 

You can now go to your Mews account to finish configuring and to manage your user groups for SCIM. 

 

You can learn more about how to manage user groups for System for Cross-Domain Identity Management (SCIM) here. 

Was this article helpful?
00



Feedback