Microsoft Entra On-Premises SCIM Provisioning for Linux-Hosted SCADA Web App
We are developing a single-tenant, intranet-only SCADA web app, hosted on-premises at each of our customers. The user base includes two distinct sets of users:
- Customer Users: Employees of the customer using the app, with no guarantee that all customers will utilize Microsoft Entra as their Identity Provider.
- Servicing Users: Employees of our organization responsible for servicing and administering the app, using Microsoft Entra as the Identity Provider.
Both user groups could benefit from automatic provisioning using System for Cross-domain Identity Management (SCIM). For customer users, Microsoft's documentation provides guidance for SCIM provisioning when using Microsoft Entra: "Microsoft Entra on-premises application provisioning to SCIM-enabled apps".
However, provisioning servicing users is more complicated. The use of the Microsoft Entra Connect Provisioning Agent is not feasible since it requires a Windows machine, while our app is hosted on a Linux server. Implementing a provisioning agent that could operate on our Linux server would be ideal, as we prefer to avoid maintaining a Windows machine solely for provisioning tasks.
While some customers may utilize Microsoft Entra and could potentially provision both their users and our servicing users, we seek to retain full control over the provisioning process without relying on customers to configure their Microsoft Entra tenants correctly and in due time.
Is there a Linux-compatible Provisioning Agent for SCIM-enabled applications that works with Microsoft Entra? If not, what alternatives could be considered to address this provisioning challenge?