How do I manage user provisioning with Azure Entra ID (formerly Azure AD)?

Last updated: July 14, 2025

Context

When integrating Spacelift with Azure Entra ID (formerly Azure AD) using OIDC, organizations need efficient ways to manage user access and provisioning. While SCIM and Just-in-Time (JIT) provisioning are not currently available, there are alternative methods for managing user access at scale.

Answer

There are two main approaches to managing user provisioning when using Azure Entra ID with Spacelift:

1. IdP Group Mapping

IdP Group Mapping allows you to bulk add users and manage access by mapping Azure Entra ID groups to Spacelift spaces:

  • Invite entire teams at once

  • Assign teams to specific Spaces

  • Manage access through your IdP groups

For detailed setup instructions, refer to the IdP Group Mapping documentation.

2. Login Policies

Login Policies provide dynamic user access management based on identity attributes:

  • Create rules based on the identity information, such as the teams data, exposed in the policy's data input

  • Automatically control access based on user attributes

  • Operate independently of IdP Group Mapping

For implementation details, see the Login Policies documentation.
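As an added example (not taken from this article or from Spacelift's own documentation), the following Spacelift login policy in Rego grants access based on Azure Entra ID group names carried in the session's teams data. The group names and the space ID are constructed placeholders; the input.session.teams path and the allow/deny/admin/space_write/space_read rule names are assumed from Spacelift's login policy schema.

```rego
package spacelift

# Constructed placeholders: Azure Entra ID group names as they arrive in
# input.session.teams once the OIDC group claims are mapped to teams.
platform_admins := {"sl-platform-admins"}
developers      := {"sl-developers"}
auditors        := {"sl-auditors"}

# Placeholder space ID; replace with the real Spacelift space identifier.
dev_space := "dev-workloads-PLACEHOLDER"

# Set of IdP-provided team names for the user attempting to log in
# (input.session.teams is assumed from Spacelift's login policy input).
teams := {t | t := input.session.teams[_]}

# True when the session carries at least one team from the given set.
has_team(wanted) { count(teams & wanted) > 0 }

# Only users in a recognised group may log in at all.
allow { has_team(platform_admins) }
allow { has_team(developers) }
allow { has_team(auditors) }

# Default-deny: anyone who matched no group above is refused.
deny { not allow }

# Organization-wide admin is limited to the platform team.
admin { has_team(platform_admins) }

# Everyone else receives space-scoped roles instead of global rights.
space_write[dev_space] { has_team(developers) }
space_read[dev_space]  { has_team(auditors) }
```

Because deny fires whenever no allow rule matched, a user removed from every mapped Entra ID group is refused at their next login without any manual deprovisioning step.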

Note: If you need to switch from Login Policies to manual user management, you can queue invitations for users in advance. See the guide on Migrating From Login Policies.