Azure Enterprises Application update Admin Credentials for SCIM user provisioning

Narayanaswamy, M (Manjunath) 15 Reputation points
2023-09-14T10:38:40+00:00

We are in the process of implementing SCIM for our non-gallery SaaS application (Collibra).

The secret token we get from Azure AD tenant (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token) expires in 60 min.

Is there a way we can automate the process of updating the secret token in admin credentials using PowerShell or Azure CLI?

Any other potential solutions, such as generating a long-lived secret token, are appreciated.


2 answers

  1. Andy David - MVP 147.5K Reputation points MVP
    2023-09-14T12:45:34.3466667+00:00

    The admin credentials used in SCIM provisioning do not expire in 60 minutes, only when you want to rotate the password as needed.


  2. Danny Zollner 9,971 Reputation points Microsoft Employee
    2023-09-19T03:22:48.96+00:00

    The tokens used in Azure AD Provisioning need to be issued by the SCIM application. The token flow that you are mentioning is OAuth 2.0 Client Credential Grant flow, in this case using Azure AD as the issuer of the tokens. Custom non-gallery applications do not support OAuth 2.0 at this time and require long-lived bearer tokens. Given that, using short-lived OAuth 2.0 access tokens, whether issued from Azure AD or another OAuth server, will not work.
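
Following on from the answers above, an added example (not part of the original thread, and not Microsoft's or Collibra's own code) of rotating the long-lived bearer token in the provisioning admin credentials from PowerShell. It assumes the Microsoft.Graph.Authentication module, the Microsoft Graph `synchronization/secrets` endpoint, a new token already issued by the SCIM application itself, and two placeholder parameters (`ServicePrincipalObjectId`, `ScimBaseAddress`) that you supply.

```powershell
# Added example: replace the SCIM Secret Token stored in the enterprise
# application's provisioning admin credentials via Microsoft Graph.
param(
    # Placeholder: object ID of the enterprise application's service principal.
    [Parameter(Mandatory)] [string] $ServicePrincipalObjectId,
    # Placeholder: the SCIM endpoint ("Tenant URL") of the application.
    [Parameter(Mandatory)] [string] $ScimBaseAddress
)

# Delegated sign-in with the permission needed to write synchronization secrets.
Connect-MgGraph -Scopes 'Synchronization.ReadWrite.All'

# Prompt for the token so it never appears in shell history or script files.
# The token must be a long-lived bearer token issued by the SCIM application,
# not a 60-minute OAuth 2.0 access token from the tenant's token endpoint.
$secure = Read-Host -Prompt 'New long-lived SCIM bearer token' -AsSecureString
$token  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrWhiteSpace($token)) { throw 'Empty token; nothing updated.' }

# PUT replaces the stored secrets as a set, so send the base address as well.
$body = @{
    value = @(
        @{ key = 'BaseAddress'; value = $ScimBaseAddress },
        @{ key = 'SecretToken'; value = $token }
    )
} | ConvertTo-Json -Depth 3

$uri = "https://graph.microsoft.com/v1.0/servicePrincipals/$ServicePrincipalObjectId/synchronization/secrets"

try {
    Invoke-MgGraphRequest -Method PUT -Uri $uri -Body $body -ContentType 'application/json' | Out-Null
    Write-Host 'Provisioning admin credentials updated.'
}
finally {
    # Drop the plaintext copies and the Graph session once the call returns.
    Remove-Variable token, body -ErrorAction SilentlyContinue
    Disconnect-MgGraph | Out-Null
}
```

Run it as part of the token rotation procedure on the SCIM application side, so the old token is revoked there only after the new one has been stored.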

