Skip to main content
commvault.com commvault.com
Question

SCIM integration between Entra ID and Commvault

  • September 17, 2025
  • 2 replies
  • 117 views
S
Forum|alt.badge.img+1

Hi All,

We are deploying Commvault SaaS Endpoint Backup for laptops and would like to know if SCIM provisioning in the Enterprise Application can be used to synchronize users and groups from Entra ID to the Commvault tenant.

The reason for this query is that, while SCIM synchronization successfully creates users in the Commvault tenant, the group synchronization fails with the attached error message. Could you please confirm if any additional configuration is required on the Commvault tenant side to resolve this issue?

 

 

 

2 replies

S
Vaulter
Forum|alt.badge.img+2
  • SivasankaranVaulter
  • Vaulter
  • September 19, 2025

Hi, 

The SCIM provisioning can only modify the user properties. 

It will allow to modify user group membership but will not create new groups.

Refer: https://documentation.commvault.com/11.42/software/using_azure_active_directory_as_your_identity_provider.html

S
Forum|alt.badge.img+1
  • SN5
  • Author
  • September 21, 2025

Hi Sivasankaran,

Thank you for your response. Let me explain the setup on my side: the groups were manually created inside the Commvault console using the Group IDs of the groups present in Azure AD. I then added the Group ID as an additional claim in the Enterprise App created for Commvault. As a result, the users were created automatically when they logged in and were appropriately added to the groups manually created inside the Commvault console.

I understand that SCIM will not create the groups, and as you mentioned, it will only modify the user properties.Which means, For example, if a user is removed from a group in Azure AD, will that same user also be removed from the corresponding group (Manually created by myself using Group ID) inside the Commvault console? Please confirm

 

Terms & ConditionsCookie settingsAccessibility statement