TrainMeUK LogoTrainMeUK
Home
How It Works
Product
Reports
Pricing
Resources
Login

Summer sale

Limited time

15% off monthly ยท +20% annual

15%off monthly+20%off annual
Claim offer
HomeResourcesAuto-Provision Users from Microsoft 365 into TrainMeUK (SCIM)
Back to Resources
Setup Guide
8 min read
16 September 2025

Auto-Provision Users from Microsoft 365 into TrainMeUK (SCIM)

SCIM user provisioning guide: automate Microsoft 365 to LMS user sync. Step-by-step Entra ID SCIM setup in 30 minutes. Automatic onboarding/offboarding, zero IT overhead, seamless user lifecycle management for UK compliance training.

In this guide8 sections
  • ๐Ÿ”„ Step-by-Step Setup
  • ๐Ÿงช Test It
  • ๐Ÿ’ก Troubleshooting
  • Why SCIM Provisioning Matters
  • Best Practices for SCIM Setup
  • What Happens Next
  • Related Articles
  • Frequently Asked Questions

In this guide

Progress0%
  • ๐Ÿ”„ Step-by-Step Setup
  • ๐Ÿงช Test It
  • ๐Ÿ’ก Troubleshooting
  • Why SCIM Provisioning Matters
  • Best Practices for SCIM Setup
  • What Happens Next
  • Related Articles
  • Frequently Asked Questions

What You'll Achieve

  • โœ… New starters in Microsoft 365 will automatically get a TrainMeUK account
  • โœ… When someone leaves, their TrainMeUK account will be disabled automatically

๐Ÿ‘ค Who Should Do This

A Microsoft 365 administrator with Global Admin or Application Admin rights.

๐Ÿ”„ Step-by-Step Setup

1. In TrainMeUK

  1. Go to Admin โ†’ System Settings โ†’ SCIM User Provisioning
  2. Toggle Enable SCIM on
  3. Copy the SCIM Endpoint URL
  4. Copy the SCIM Bearer Token (use the Copy button)

2. In Microsoft Entra ID

  1. Go to entra.microsoft.com โ†’ Enterprise applications
  2. Open the app you registered for TrainMeUK SSO
  3. Go to Provisioning โ†’ Get started
  4. Set Provisioning Mode to Automatic
  5. Paste the values from TrainMeUK:
    • Tenant URL โ†’ SCIM Endpoint URL
    • Secret Token โ†’ SCIM Bearer Token
  6. Click Test connection โ†’ it should say Success
  7. Click Save

3. Choose Who Syncs

  1. In the TrainMeUK app in Entra, go to Users and groups
  2. Add the groups or people who should get TrainMeUK accounts
  3. ๐Ÿ’ก Tip: Most companies assign an "All Staff" group

4. Start Provisioning

  1. Go back to Provisioning
  2. Click Start provisioning
  3. Entra will now keep TrainMeUK automatically in sync with Microsoft 365

๐Ÿงช Test It

  1. Add a test user to the group you assigned
  2. Wait up to 40 minutes for sync (or force a sync in Provisioning)
  3. In TrainMeUK go to Admin โ†’ Manage Users
  4. The test user should appear โœ…

๐Ÿ’ก Troubleshooting

Test connection fails

Check the Endpoint URL and Token are copied exactly from TrainMeUK.

User doesn't appear

Confirm they're in the assigned group in Microsoft 365.

Wrong details syncing

Default attribute mappings (email, first name, last name) are already configured โ€” you usually don't need to change them.

Why SCIM Provisioning Matters

Manual user management in training platforms creates bottlenecks and compliance risks. With SCIM (System for Cross-domain Identity Management), your user lifecycle becomes fully automated. According to Gartner research, automated user provisioning reduces IT admin costs by 60% and eliminates 70% of access-related support tickets.

Automatic Onboarding

New employees get instant access to required training based on their role and department.

Secure Offboarding

When someone leaves, their access is immediately revoked, maintaining security.

Role-Based Access

Training assignments automatically adjust when roles change in Microsoft 365.

Compliance Assurance

No manual errors mean complete audit trails and consistent compliance coverage.

Best Practices for SCIM Setup

Pro Tips for Success

  • Test with a small group first before rolling out to all users
  • Use security groups rather than individual users for easier management
  • Monitor the provisioning logs regularly to catch any sync issues early
  • Set up notifications for failed provisioning attempts
  • Document your group structure so other admins understand the setup

What Happens Next

Once SCIM provisioning is active, your training platform becomes a seamless extension of your Microsoft 365 environment. User changes in Entra ID automatically flow through to TrainMeUK, ensuring your compliance training coverage is always current and complete. For a complete overview of automated user management including SCIM, SSO, bulk import, and department sync, see our Automated User Management page.

Book a demo with TrainMeUK to see SCIM provisioning in action and learn how it can eliminate user management overhead for your organization.

Related Articles

Azure AD Integration Guide

Complete Azure AD integration setup in 60 minutes for automated user management and SSO.

Read More โ†’

Microsoft 365 SSO Setup

Set up single sign-on between Microsoft 365 and TrainMeUK for seamless authentication.

Read More โ†’

Power Automate Teams Integration

Send automated training notifications to Microsoft Teams with adaptive cards and webhooks.

Read More โ†’

Frequently Asked Questions

What is SCIM and why do I need it for my LMS?

SCIM (System for Cross-domain Identity Management) is an open standard protocol that automates user provisioning between identity providers like Microsoft 365 and applications like TrainMeUK. Without SCIM, IT teams must manually create, update, and delete user accounts when employees join, change roles, or leave. With SCIM, these processes happen automatically in real-time. For compliance training, this is critical: new starters immediately get required training assignments, role changes trigger appropriate training updates, and departing employees lose access instantly (preventing data breaches). Organizations using SCIM save 40-60 hours weekly in user management time.

How long does SCIM setup take in Microsoft 365?

Complete SCIM provisioning setup takes approximately 30-40 minutes. The process includes: enabling SCIM in TrainMeUK admin settings (2-3 minutes), copying endpoint URL and bearer token (1 minute), configuring provisioning in Microsoft Entra ID (10-15 minutes), assigning users or groups to sync (5-10 minutes), testing the connection (2-5 minutes), and starting provisioning (1 minute). Initial sync can take up to 40 minutes, but subsequent updates happen in near real-time. Our support team can guide you through setup if needed, often completing it even faster.

What happens if SCIM sync fails?

Microsoft Entra ID provides detailed provisioning logs showing exactly what happened if sync fails. Common issues include: incorrect endpoint URL or token (easily fixed by re-copying from TrainMeUK), network connectivity problems (temporary, usually resolves automatically), user attribute mismatches (configure attribute mappings), and permission errors (ensure proper admin rights). SCIM is resilient - failed sync attempts are automatically retried. You can also force manual sync anytime. The system maintains existing users if sync temporarily fails, so there's no disruption to ongoing training. Monitor provisioning logs regularly to catch and fix issues early.

Can I sync only specific user groups, not everyone?

Yes, selective provisioning is recommended best practice. In Entra ID's "Users and groups" section for the TrainMeUK app, you choose exactly which users or security groups to provision. This allows you to: pilot SCIM with a small group before full rollout, exclude contractors or temporary staff who don't need training, provision only specific departments (e.g., only office staff, not warehouse), control costs by limiting user count, and maintain separate provisioning rules for different organizational units. Changes to group membership automatically trigger user provisioning or deprovisioning in TrainMeUK.

How often does SCIM sync users between Microsoft 365 and TrainMeUK?

Microsoft Entra ID runs incremental synchronization approximately every 40 minutes for changes (additions, updates, deletions). However, you can force an immediate sync anytime in the Provisioning settings. Initial provisioning when first enabled can take longer (up to 40 minutes) as it processes all assigned users. After that, most changes sync within 40 minutes automatically. For critical scenarios like immediate offboarding, you can force sync manually. The automatic schedule ensures users are provisioned quickly without manual intervention, while not overwhelming systems with constant sync requests.

What's the difference between SCIM provisioning and SSO?

SCIM and SSO serve different but complementary purposes. SSO (Single Sign-On) handles authentication - letting users log in with Microsoft 365 credentials. SCIM handles user provisioning - automatically creating, updating, and deleting user accounts. Best practice is using both together: SCIM creates the user account automatically when someone joins, and SSO lets them log in seamlessly without separate credentials. You can have SSO without SCIM (but must manually create users), or SCIM without SSO (but users need separate passwords). Together, they provide complete automation. View pricing for our Microsoft 365 integration package including both SCIM and SSO.

Ready to Get Started?

Our team can help you set up SCIM provisioning in under 30 minutes, with full support throughout the process.

Get Setup Support View More Guides

Want audit-ready reporting without spreadsheets?

Make your compliance evidence stand on its own - even under time pressure.

See how UK organisations approach this decision โ†’
Previous Article

The 60-Minute Azure AD Integration Guide: Step-by-Step Setup

Azure AD LMS integration guide: automate user management in 60 minutes. Save ยฃ120K-ยฃ180K annually with SSO setup. 70% fewer IT tickets, 50% faster onboarding. Complete step-by-step Azure AD SSO tutorial for UK businesses.

Setup Guide12 min read
Next Article

Connect TrainMeUK to Microsoft 365 (Single Sign-On)

Microsoft 365 SSO setup guide: connect LMS in 15 minutes. Step-by-step Azure AD single sign-on configuration. Eliminate passwords, reduce IT tickets by 70%, seamless authentication for UK compliance training platforms.

10 min readSetup Guide
TrainMeUK LogoTrainMeUK Ltd

Connect Azure once. TrainMeUK handles reminders, Teams nudges, certificates, and audit-proof reports โ€” automatically.

hello@trainmeuk.co.uk
+44 1252 929213
8 George Myers Close, Ash, Guildford, Surrey, GU12 6FW

Quick Links

  • Home
  • How It Works
  • Product
  • Reports
  • Pricing
  • Resources
  • Knowledge Base

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Data Processing Addendum
  • Subprocessors
  • Acceptable Use Policy
  • FAQ

Popular Resources

Mandatory Training Requirements for UK BusinessesHow Often GDPR Training Should Be Done in the UKHow Fast You Should Produce Training Records for Auditors

ยฉ 2026 TrainMeUK Ltd. All rights reserved.

CPD Accredited Provider