Microsoft Entra ID SCIM integration
This guide explains how to configure user synchronization from Microsoft Entra ID to Twilio using SCIM provisioning with the OAuth 2.0 client credentials grant type. This integration works with custom (non-gallery) applications in Entra ID.
Before configuring Entra ID, you must generate a secure Client ID and Client Secret from your Twilio Console to authorize the SCIM sync operations.
Twilio ConsoleLegacy Console
- Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
- Click Create OAuth application.
- Select grant type as Client credentials.
- Enter the Application name and Application description.
- On the Scopes & permissions step, check all the managed-users permissions.
- On the Copy secret page, copy the credentials and store them somewhere secure.
- Select the Got it! checkbox and click Finish.
- Sign in to the Microsoft Entra admin center as at least an Application Administrator.
- Browse to Entra ID > Enterprise apps.
- Select New application at the top, then click Create your own application.
- Enter a name for your application (e.g.,
Twilio SCIM Provisioning). - Under the choice for "What are you looking to do with your application?", select Integrate any other application you don't find in the gallery (Non-gallery).
- Click Create at the bottom of the pane.
- Select your application created in Step 2 and go to Provisioning from the left navigation menu.
- Click on Provisioning again on the left navigation under manage (new experience) or click Get started (legacy experience).
- Change the Provisioning Mode from Manual to Automatic.
- Expand the Admin Credentials section.
- In the Authentication Method dropdown, select OAuth2 client credentials grant.
- Complete the following configuration fields:
- Tenant URL:
https://iam.twilio.com/scim/v2 - OAuth token endpoint:
https://oauth.twilio.com/v2/token - Client identifier: Enter the Client ID copied from Step 1.
- Client Secret: Enter the Client Secret copied from Step 1.
- Tenant URL:
- Click Test Connection. Entra ID will attempt to retrieve an OAuth token from your Token Endpoint and then verify SCIM engine access via the Tenant URL.
- Once the test succeeds, click Save at the top.
Once the connection test in Step 3 succeeds:
- In the Entra Portal, expand the Mappings section under the Provisioning tab.
- Review the attribute mappings for Provision Microsoft Entra ID Users.
- Disable Provision Microsoft Entra ID Groups as we don't support SCIM groups right now.
- Navigate to Users and Groups from the left-hand navigation in your Enterprise Application and assign a few test users.
- Go back to the Provisioning > Overview dashboard and click Start provisioning to begin the automated synchronization cycle.