Why does the on-premises app for SCIM provisioning in Azure not have the option for OAuth authentication?

Spasova, Monika 20 Reputation points
2024-08-13T05:54:30.8933333+00:00

When we create an On-premises SCIM app in Azure, following this article (Section: Install and configure the Microsoft Entra Connect Provisioning Agent), for Authentication Method we see a dropdown with only one option, Bearer Authentication (screenshot 1). When we create a SCIM app in Azure, following this article (Section: Integrate your SCIM endpoint with the Microsoft Entra provisioning service), the dropdown offers three authentication methods (screenshot 2): Bearer Authentication, OAuth2 Authorization Code Grant, and OAuth2 Client Credentials Grant. What should we do to display the option OAuth2 Authorization Code Grant in the On-premises SCIM app?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
    Akhilesh 8,870 Reputation points, Microsoft Vendor
    2024-08-16T06:12:07.8133333+00:00

    Hi @Spasova, Monika

    Thank you for reaching us!

    The on-premises SCIM provisioning application in Azure currently supports only Bearer Authentication and does not offer OAuth authentication methods such as OAuth2 Authorization Code Grant or OAuth2 Client Credentials Grant. The reason for the lack of OAuth authentication in the on-premises SCIM provisioning app in Azure is the security and infrastructure differences between on-premises and cloud environments.

    The OAuth authorization code grant flow requires a publicly accessible endpoint for the authorization server and relies on external identity providers, which might not be feasible for on-premises applications. This is why the on-premises SCIM app in Azure uses Bearer Authentication instead of OAuth authentication methods. The bearer token, issued by the Entra ID provisioning service, is included in the header of each request to authenticate the request. The bearer token is issued by the Entra ID provisioning service and is used to authenticate the requests sent to the on-premises application.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.
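Since the on-premises app offers only Bearer Authentication, the security of the integration rests on how the on-premises SCIM endpoint checks the token the provisioning agent sends in the Authorization header. The following is an added example, not code from the question, the answer, or Microsoft, of the receiving side: it parses an RFC 6750 `Authorization: Bearer <token>` header, compares the token against the configured secret in constant time, and rejects every request before any SCIM routing happens. The token value, the request headers and the `/scim/v2/Users` route are constructed for the example; the assumption is that the token you enter in the app's Bearer Authentication field is the same value the agent presents on each request.

```python
import hmac
import json

# Constructed for this example: the shared secret you would paste into the
# on-premises SCIM app's "Bearer Authentication" field (assumption: the agent
# sends that value as "Authorization: Bearer <token>"). Load it from a secret
# store in a real deployment; it is hard-coded here only so the example runs.
EXPECTED_TOKEN = "3f9c1e7a-constructed-example-token-do-not-reuse"

SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
SCIM_LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def extract_bearer_token(headers):
    """Return the token from an RFC 6750 'Authorization: Bearer <token>' header, else None.

    Header names are case-insensitive, as is the 'Bearer' scheme keyword; a
    'Basic' header, an empty token or a missing header all yield None.
    """
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        return None
    parts = auth.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    return token or None


def authenticate(headers, expected_token=EXPECTED_TOKEN):
    """True only when a Bearer token is present and equals the configured secret.

    hmac.compare_digest runs in constant time, so a wrong token cannot be
    narrowed down from response timing the way a plain '==' comparison allows.
    """
    presented = extract_bearer_token(headers)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"), expected_token.encode("utf-8"))


def scim_error(status, detail):
    """SCIM error body per RFC 7644 section 3.12 (the status is a string there)."""
    return {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}


def handle_request(method, path, headers, expected_token=EXPECTED_TOKEN):
    """Minimal SCIM front door returning (status, response_headers, body_dict).

    Every request is authenticated before any routing, so an unauthenticated
    caller learns nothing about which resources or paths exist.
    """
    if not authenticate(headers, expected_token):
        return (401,
                {"WWW-Authenticate": 'Bearer realm="scim"',
                 "Content-Type": "application/scim+json"},
                scim_error(401, "Invalid or missing bearer token"))
    if method == "GET" and path == "/scim/v2/Users":
        # Empty directory: a well-formed ListResponse with no resources.
        return (200, {"Content-Type": "application/scim+json"},
                {"schemas": [SCIM_LIST], "totalResults": 0, "startIndex": 1,
                 "itemsPerPage": 0, "Resources": []})
    return (404, {"Content-Type": "application/scim+json"},
            scim_error(404, "Resource not found"))


if __name__ == "__main__":
    # Constructed requests resembling what the provisioning agent would send.
    good = {"Authorization": f"Bearer {EXPECTED_TOKEN}", "Accept": "application/scim+json"}
    bad = {"authorization": "Bearer not-the-token"}
    for hdrs in (good, bad, {}):
        status, _, body = handle_request("GET", "/scim/v2/Users", hdrs)
        print(status, json.dumps(body))
```

Two points in the design are worth keeping in any real endpoint behind the provisioning agent: the comparison uses `hmac.compare_digest` rather than `==`, and the 401 response carries a `WWW-Authenticate: Bearer` challenge and a SCIM-formatted error body without revealing whether the path exists. Because the agent only ever presents this one long-lived secret, rotating it (updating both the endpoint and the app's Bearer Authentication field) is the only revocation you have.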

