Use SCIM to import users into Apple School Manager
You can use SCIM to import users from Microsoft Azure Active Directory (MS Azure AD) to Apple School Manager. After you’ve read the requirements for using SCIM with Apple School Manager and you have an Azure AD administrator with permissions to edit enterprise applications standing by, you can proceed with the following tasks.
Important: You have only 4 calendar days to complete the token transfer to Azure AD and successfully establish a connection, or you must begin the process again.
Prepare Azure AD to accept the token
Sign in to the Azure web portal (https://portal.azure.com), click on the menu icon in the upper left corner, then select Azure Active Directory.
If necessary, select All applications from the sidebar, then select the Apple School Manager Azure AD app (you’ll see the Apple School Manager icon).
See the Microsoft Support article Add an application to your Azure AD tenant.
Note: You should use only the Apple School Manager Azure AD app when connecting with SCIM.
Select Provisioning from the sidebar, click Get Started, then select automatic (provisioning mode).
If you are reconnecting, you may not see Get Started. If you don’t see it, click Edit Provisioning.
Copy the Apple School Manager SCIM token
In Apple School Manager, sign in with an account that has the role of Administrator, Site Manager, or People Manager.
Click Settings at the bottom of the sidebar, click Data Source below Organization Settings, then click Connect to Data Source.
Click Connect next to SCIM, carefully read the warning, click Copy, then click Close.
Leave this window open to copy the tenant URL from Apple School Manager to Azure AD.
Important: The secret token should be shared only with the Azure AD administrator.
Paste the SCIM token and tenant URL into the Apple School Manager Azure AD app
In the Apple School Manager Azure AD app, delete any content in the Secret Token field, paste in the token from Apple School Manager, then click Save.
In Apple School Manager, copy the tenant URL.
In the Apple School Manager Azure AD app, delete any content in the Tenant URL field, paste in the tenant URL from Apple School Manager, then click Save.
Apple School Manager tenant URL: https://federation.apple.com/feeds/school/scim
Click Test Connection.
If the connection is successful, Apple School Manager shows the SCIM connection as active. It can take up to 60 seconds for Apple School Manager to reflect the latest connection status.
Enter the email address of an Apple School Manager administrator, Site Manager, or People Manager, then select the Send an email notification when a failure occurs checkbox so they receive any provisioning error notifications.
If necessary, click Mappings and edit custom attributes.
Important: Don’t add additional attribute mappings or the SCIM process will fail. See the mappings table in SCIM requirements.
Select the type of syncing and test the connection
Specify whether you want only users assigned to the Apple School Manager Azure AD app to sync using SCIM, or all users in Azure AD to sync using SCIM. If you are unsure which to use, see Provisioning scope.
Turn on Provisioning Status, then click Save.
Important: If you change the provisioning scope, you must clear the current state and restart synchronization. Contact your Azure AD administrator before you make any changes to the SCIM connection.
Check the provisioning logs to make sure the connection was successful.
Sign out of the Azure AD web portal.
If necessary, in Apple School Manager turn on federated authentication for the domain.
Note: Tokens expire after 1 calendar year, so you should create a second token 60 days before the first token expires. See Manage existing SCIM token and connections.