Sync users from Azure AD into Apple Business Essentials
You can use Directory Sync to sync users from Microsoft Azure Active Directory (MS Azure AD) to Apple Business Essentials. After you’ve read the requirements for using SCIM and have an Azure AD administrator with permissions to edit enterprise applications standing by, you can proceed with the following tasks.
Important: You have only 4 calendar days to complete the token transfer to Azure AD and successfully establish a connection, or you must begin the process again.
Prepare Azure AD to accept the token
Sign in to the Azure web portal (https://portal.azure.com), select the menu icon in the upper-left corner, then select Azure Active Directory.
If necessary, select All applications in the sidebar, then select the Apple Business Manager Azure AD app (you’ll see the Apple Business Manager icon).
See the Microsoft Support article Add an application to your Azure AD tenant.
Note: You should use only the Apple Business Manager Azure AD app when connecting with SCIM.
Select Provisioning in the sidebar, select Get Started, then select Automatic (provisioning mode).
If you’re reconnecting, you may not see Get Started. If you don’t see it, select Edit Provisioning.
Copy the Apple Business Essentials SCIM token
In Apple Business Essentials, sign in as a user who has the role of Administrator or People Manager.
Select your name at the bottom of the sidebar, select Preferences, then select Directory Sync.
Select Connect next to SCIM, carefully read the warning, select Copy, then select Close.
Leave this window open to copy the tenant URL from Apple Business Essentials to Azure AD.
Important: The secret token should be shared only with the Azure AD administrator.
Paste the token and tenant URL into the Azure AD app
In Apple Business Essentials, copy the tenant URL:
In the Apple Business Manager Azure AD app, delete any content in the Tenant URL field, then paste in the tenant URL from Apple Business Essentials.
Select Save, then select Test Connection.
If the connection is successful, Apple Business Essentials shows the SCIM connection as active. It can take up to 60 seconds to reflect the latest connection status.
In the Settings section, enter the email address of an Apple Business Essentials Administrator or People Manager, then select the “Send an email notification when a failure occurs” checkbox so they receive any provisioning error notifications.
If necessary, select Mappings and edit custom attributes.
Important: Don’t add more attribute mappings or the SCIM process will fail. See the mappings table in SCIM requirements.
Select the type of syncing and test the connection
Note: Federated authentication must be turned on for the domain before you do this task.
Specify whether you want only users assigned to the Apple Business Manager Azure AD app to sync using SCIM, or all users in Azure AD to sync using SCIM. If you’re unsure which to use, see Provisioning scope.
Turn on Provisioning Status, then select Save.
Important: If you change the provisioning scope, you must clear the current state and restart synchronization. Contact your Azure AD administrator before you make any changes to the SCIM connection.
Check the provisioning logs to make sure the connection was successful.
Sign out of the Azure AD web portal.