
Enabling Service Principal and SCIM at Microsoft Entra ID to use Reclaim.ai

Updated over a week ago

Overview

This guide is designed for IT Administrators with high-privileged roles (e.g., Global Administrator, Privileged Role Administrator, or Cloud Application Administrator) to enable the Application Principal for Reclaim.ai.

By completing this process, you grant tenant-wide consent for Reclaim.ai to interact with your organization's Microsoft 365 data securely.

This process unlocks the ability to use SCIM (System for Cross-domain Identity Management), enabling automated user provisioning, deprovisioning, and team-wide scheduling benefits from day one.

Why enable this?

  • Zero-Touch Onboarding: Users don't have to individually approve permissions, reducing friction.

  • SCIM Provisioning: Once the service principal is active, you can leverage SCIM (System for Cross-domain Identity Management) to automate user creation and deprovisioning directly from Entra ID.

  • Centralized Security: You maintain oversight of all data access scopes from a single administrative location.

  • Scheduling Automation: Provide Reclaim with the visibility it requires to automate scheduling and rescheduling based on meeting attendee availability.

1. Enabling the Application Principal (Tenant-Wide Consent)

This part of the guide covers the flow initiated when an admin clicks the Reclaim consent URL.

Prerequisites

  • Permissions: You must have the Global Administrator, Privileged Role Administrator, or Cloud Application Administrator role in Microsoft Entra.

  • Authentication: You must be logged into your Reclaim.ai account and have Team Admin status.

Step-by-Step Flow

    • Note: If you aren't logged into Reclaim, you will be prompted to sign in first.

  1. Microsoft Redirection: You will be redirected to the Microsoft sign-in page. Select your administrative account.

  2. Review Permissions Requested: A "Permissions requested" dialog box will appear. It will list the following scopes required for Reclaim to function:

    • User.Read.All: To read user information.

    • MailboxSettings.Read: To read user time zone and locale information.

    • Calendars.ReadWrite: To manage calendar events.

    • Place.Read.All: To identify meeting room locations.

    • Contacts.Read: To facilitate meeting scheduling with known contacts.

    • People.Read.All: To improve attendee suggestions for meetings.

  3. Grant Consent: Check the box "Consent on behalf of your organization" (if visible) and click Accept.

  4. Verification: Once accepted, you will be redirected back to Reclaim. To verify in the Microsoft Entra portal:

    • Go to Identity > Applications > Enterprise applications.

    • Search for Reclaim.ai.

    • Under Security > Permissions, verify that "Admin consent" is granted for the scopes listed above.
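
The verification in step 4 can also be run as a script against an export of the app's consent grants. This is an added example, not Reclaim.ai or Microsoft code. It assumes the grants are exported as Microsoft Graph oauth2PermissionGrant objects; the sample data and the `audit_grants` helper are constructed for illustration.

```python
import json

# Scopes this guide lists in the "Permissions requested" dialog.
EXPECTED = frozenset({
    "User.Read.All", "MailboxSettings.Read", "Calendars.ReadWrite",
    "Place.Read.All", "Contacts.Read", "People.Read.All",
})

def audit_grants(grants, expected=EXPECTED):
    """Compare exported consent grants with the guide's scope list.

    Assumption: `grants` is a list of dicts shaped like Microsoft Graph
    oauth2PermissionGrant objects (consentType, principalId, scope).
    """
    tenant_wide, per_user = set(), {}
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())  # space-separated
        if grant.get("consentType") == "AllPrincipals":   # admin consent
            tenant_wide |= scopes
        else:                                             # one user only
            per_user.setdefault(grant.get("principalId"), set()).update(scopes)
    return {
        "missing": sorted(expected - tenant_wide),
        # Not on the guide's list: review before accepting, not proof of abuse.
        "extra": sorted(tenant_wide - expected),
        "user_only": {user: sorted(scopes - tenant_wide)
                      for user, scopes in per_user.items()
                      if scopes - tenant_wide},
        "matches_guide": tenant_wide == set(expected),
    }

# Constructed sample export (IDs are placeholders, not real tenant values).
SAMPLE = json.loads("""[
  {"consentType": "AllPrincipals", "principalId": null,
   "scope": "User.Read.All MailboxSettings.Read Calendars.ReadWrite Place.Read.All Contacts.Read Mail.Read"},
  {"consentType": "Principal", "principalId": "user-0001",
   "scope": "People.Read.All Calendars.ReadWrite"}
]""")

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE), indent=2))
```

Re-running the comparison after each consent change shows whether the granted set has drifted from the six scopes listed above.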

2. Configuring SCIM Provisioning in Microsoft Entra

Once the Application Principal is established, you can automate your user lifecycle using SCIM.

Step 1: Generate API Key in Reclaim

  1. Name the new API key "Entra SCIM" (or any other name you like).

  2. Click Generate Key.

  3. Copy the key immediately. You will need this for the "Secret Token" field in Entra.

Step 2: Create the Provisioning App in Entra

  1. Sign in to the Microsoft Entra admin center.

  2. Go to Entra ID > Enterprise apps.

  3. Select + New application > + Create your own application.

  4. Enter a name for your application, choose the option "Integrate any other application you don't find in the gallery", and select Add to create an app object. The new app is added to the list of enterprise applications and opens to its app management screen.

  5. In the app management screen, select Provisioning in the left panel.

  6. Select + New configuration.

  7. Select Bearer authentication.

  8. In the Tenant URL field, enter https://api.app.reclaim.ai/scim/v2?aadOptscim062020 (use the exact URL provided, including the query parameter).

  9. In the Secret Token field, paste the key generated in Reclaim (Step 1).

  10. Click Test connection to confirm there is no error. Once you see a success checkmark, click Save.

Step 3: Map Attributes & Enable

  1. Under Attribute Mappings, click Provision Microsoft Entra ID Users.

  2. Ensure userName is mapped to the user's email address (userPrincipalName at some organizations) and active is mapped to the soft-delete status.

  3. Go back to the Provisioning main page.

  4. Set Provisioning Status to On.

  5. Click Save.

Those are all the steps you need. If you need further assistance, please reach out to your Reclaim.ai representative or contact our support team via Reclaim.ai Support or [email protected].
