Sync users from Azure AD into Apple Business Manager
You can use Directory Sync to sync users from Microsoft Azure Active Directory (MS Azure AD) to Apple Business Manager. After you’ve read the requirements for using SCIM and have an Azure AD administrator with permissions to edit enterprise applications standing by, you can proceed with the following tasks.
Important: You have only 4 calendar days to complete the token transfer to Azure AD and successfully establish a connection, or you must begin the process again.
Prepare Azure AD to accept the token
Sign in to the Azure web portal (https://portal.azure.com), tap on the menu icon in the upper-left corner, then select Azure Active Directory.
If necessary, select All applications in the sidebar, then select the Apple Business Manager Azure AD app (you’ll see the Apple Business Manager icon).
See the Microsoft Support article Add an application to your Azure AD tenant.
Note: You should use only the Apple Business Manager Azure AD app when connecting with SCIM.
Select Provisioning in the sidebar, tap Get Started, then select Automatic (provisioning mode).
If you’re reconnecting, you may not see Get Started. If you don’t see it, tap Edit Provisioning.
Copy the SCIM token
In Apple Business Manager, sign in with a user that has the role of Administrator or People Manager.
Tap your name at the bottom of the sidebar, tap Preferences, then tap Directory Sync.
Tap Connect next to SCIM, carefully read the warning, tap Copy, then tap Close.
Leave this window open to copy the tenant URL from Apple Business Manager to Azure AD.
Important: The secret token should be shared only with the Azure AD administrator.
Paste the token and tenant URL into the Azure AD app
In Apple Business Manager, copy the tenant URL:
https://federation.apple.com/feeds/business/scim
In the Apple Business Manager Azure AD app, delete any content in the Tenant URL field, then paste in the tenant URL from Apple Business Manager.
Tap Save, then tap Test Connection.
If the connection is successful, Apple Business Manager shows the SCIM connection as active. It can take up to 60 seconds to reflect the latest connection status.
In the Settings section, enter the email address of an Apple Business Manager Administrator or People Manager, then select the “Send an email notification when a failure occurs” checkbox so they receive any provisioning error notifications.
If necessary, tap Mappings and edit custom attributes.
Important: Don’t add more attribute mappings or the SCIM process will fail. See the mappings table in SCIM requirements.
Select the type of syncing and test the connection
Note: Federated authentication must be turned on for the domain before you do this task.
Specify whether you want only users assigned to the Apple Business Manager Azure AD app to sync using SCIM, or all users in Azure AD to sync using SCIM. If you’re unsure which to use, see Provisioning scope.
Turn on Provisioning Status, then tap Save.
Important: If you change the provisioning scope, you must clear the current state and restart synchronization. Contact your Azure AD administrator before you make any changes to the SCIM connection.
Check the provisioning logs to make sure the connection was successful.
Sign out of the Azure AD web portal.