SSO setup: Azure AD

SCIM provisioning

1. Azure AD → Enterprise applications → New application → Non-gallery → Unimoni
2. Provisioning → Mode: Automatic → Tenant URL: https://api.unimoni.example.com/api/v1/scim/v2
3. Secret token: scim_* from the cabinet
4. Test Connection → Save

Mappings

Azure AD sends many fields by default. Disable what you do not need (telephoneNumber and the like) — Unimoni ignores them anyway, but it reduces the noise.

Groups

Enable Group provisioning. Members are synced as PATCH ops with add members / remove members op.

Token revocation

In Unimoni, revoking a scim token immediately stops the sync. Azure will start showing errors — that is normal, provisioning simply pauses.