This guide explains how to create an Azure AD app to provision Cmd accounts.
Global admin privileges are required to enable SCIM in Cmd.
This process works as long as the Azure AD accounts have a primary email. In our testing, we achieved this by inviting existing Azure accounts to Azure AD.
Because of how Azure batches SCIM synchronization, new accounts may not be provisioned for up to 40 minutes.
In the Cmd web app, go to global security settings and scroll down to the 'SCIM' section.
Select enable SCIM, then save a copy of the Tenant URL and Secret token (or keep this page open). You will provide them to Azure later.
In the Azure Portal, navigate to 'Azure Active Directory', then 'Enterprise applications'.
Click + New application.
Select Non-gallery application, then name your new app (e.g. 'Cmd'), and click Add.
In the overview for your new application, go to the Provisioning section.
Enter the Tenant URL and Secret token you got from Cmd, set the 'Provisioning Status' to On, then click Save.
How to provision users and user groups
Follow these steps to create Cmd accounts for Azure users.
To add individual users to Cmd, follow Microsoft's instructions to add users to your Azure app.
Once you add a user to the Azure app, Cmd will provision their account.
Groups of users
To add groups of users to Cmd, follow Microsoft's instructions to add user groups to your Azure app.
Users provisioned through a group will also have a role associated with their Cmd accounts. The role comes directly from the "name" property of the Azure user group.
To assign a user multiple roles, just assign them to multiple Azure groups with the desired Cmd roles as their group names, and add all the groups to Cmd.
Confirm that the new users appear on the Cmd web app in the 'Users & roles' settings page.
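Because roles are taken straight from group names, it is worth reviewing which names are about to become roles before adding groups to the app. The following is an added example, not code from Cmd or Microsoft: it takes SCIM 2.0 Group resources, lists the roles each member would receive, and flags group names that do not exactly match an intended role. It assumes the Azure group name arrives as the SCIM `displayName` attribute; the sample groups and the `EXPECTED_ROLES` set are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: SCIM 2.0 Group resources (RFC 7643 core schema).
SAMPLE_GROUPS = json.loads("""[
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
   "displayName": "admin",
   "members": [{"value": "u-1", "display": "alice@example.com"}]},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
   "displayName": "developer",
   "members": [{"value": "u-1", "display": "alice@example.com"},
               {"value": "u-2", "display": "bob@example.com"}]},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
   "displayName": "Admin ",
   "members": [{"value": "u-3", "display": "carol@example.com"}]},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
   "displayName": "contractors", "members": []}
]""")

# Hypothetical: the role names you intend to exist in Cmd.
EXPECTED_ROLES = {"admin", "developer"}

def roles_by_user(groups):
    """Map each member to the set of group names (roles) they would receive."""
    roles = defaultdict(set)
    for g in groups:
        for m in g.get("members", []):
            roles[m.get("display") or m["value"]].add(g["displayName"])
    return dict(roles)

def audit(groups, expected):
    """Flag group names that are not an exact match for an intended role."""
    findings = []
    for g in groups:
        name = g["displayName"]
        if name in expected:
            continue
        # Names differing only by case or surrounding whitespace are likely typos.
        near = [r for r in expected if r.casefold() == name.strip().casefold()]
        kind = "near-miss of %r" % near[0] if near else "unexpected role name"
        findings.append((name, kind, len(g.get("members", []))))
    return findings

if __name__ == "__main__":
    for user, roles in sorted(roles_by_user(SAMPLE_GROUPS).items()):
        print(user, sorted(roles))
    for finding in audit(SAMPLE_GROUPS, EXPECTED_ROLES):
        print("FINDING", finding)
```

A user who belongs to several groups shows up with several roles, matching the multiple-role behaviour described above.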
You can also read a full example of how to use Cmd roles to grant varying permissions.
To learn more about third-party integrations, including other SCIM providers, see the