Businesses can integrate Birdeye with Microsoft Entra ID using both SAML Single Sign-On (SSO) and SCIM (System for Cross-domain Identity Management). This allows administrators to centrally manage user creation, updates, deactivation, role assignments, and location access directly from Entra ID.
NOTE: To integrate Entra ID with Birdeye for SSO and user provisioning, you will need your Birdeye Business ID and API Key. You can find these inside your Birdeye dashboard by navigating to Settings > Integrations > API, and copying the Business ID and API Key located under the API tab.
Step 1: Add the Application and Configure SAML SSO
Log in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Identity > Applications > Enterprise applications.
Click New application, then select Create your own application.
Enter "Birdeye" as the name of your app, select Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
Once the app is created, navigate to Single sign-on from the left menu and select SAML.
Click the pencil icon to edit the Basic SAML Configuration and enter the following mandatory details:
Identifier (Entity ID): https://birdeye.com
Reply URL (Assertion Consumer Service URL): https://auth.birdeye.com/login/saml2/sso/[Your-Business-ID] (Replace [Your-Business-ID] with the actual Business ID you copied earlier. Example: https://auth.birdeye.com/login/saml2/sso/1234567890)
Click Save and close the Basic SAML Configuration pane.
Scroll down to the Attributes & Claims section. Ensure that the Unique User Identifier (Name ID) is mapped to user.userprincipalname (or an equivalent attribute that contains the user's email address). This value will be verified at Birdeye's end for successful login.
IMPORTANT: Scroll down to the SAML Certificates section, copy the App Federation Metadata URL, and share it with the Birdeye Customer Support team to finalize the SSO portion of this integration.
Step 2: Configure SCIM Provisioning API
From the left menu of your Birdeye Enterprise Application, select Provisioning.
Click Get started, then select Connect your Application.
Under Select authentication method, choose Bearer authentication.
Enter the following details:
Tenant URL: https://api.birdeye.com/scim/v2
Secret Token: Paste the API Key you copied from your Birdeye account.
Click Test Connection. Once you see a success message, click Create.
Once created, navigate to the Manage section and ensure the Provisioning Mode is set to Automatic.
Next, go to Provisioning Settings > Overview and click Start Provisioning to activate the provisioning job.
NOTE: Your SCIM provisioning job has now started. You can also use the Provision on Demand option if you need to provision a single user or a small number of accounts immediately. Otherwise, the provisioning job runs automatically on a recurring cycle approximately every 40 minutes.
Step 3: Configure User Role Management (Custom Attribute)
User roles in Birdeye are managed via a custom SCIM attribute. You must add this target attribute in Entra ID and map it to a source attribute (such as an Extension Attribute, Job Title, or Department) so Entra ID can pass the correct role to Birdeye.
In the Provisioning menu, expand the Mappings section and click on Provision Microsoft Entra ID Users.
Scroll to the bottom of the page and check the box for Show advanced options, then click Edit attribute list for Birdeye.
Scroll to the bottom of the attribute list to add a new custom attribute with the exact details below:
Name: urn:ietf:params:scim:schemas:extension:custom:2.0:User:role
Type: String
Leave all other options as default.
Click Save at the top to update the target attribute list, and confirm the changes.
You will be returned to the Attribute Mapping screen. Click Add New Mapping at the bottom of the list.
Configure the mapping as follows:
Mapping type: Direct
Source attribute: Select the Entra ID attribute you want to use to store the user's Birdeye role (e.g., extensionAttribute1, jobTitle, department, employeeType etc).
Target attribute: Select the custom attribute you just created (urn:ietf:params:scim:schemas:extension:custom:2.0:User:role).
Note: If you map your custom SCIM attribute to extensionAttribute (e.g., extensionAttribute1), you cannot set its value from the Entra ID UI — you will need to use Microsoft Graph Explorer to write values to it programmatically.
However, if you map your custom SCIM attribute to a core Entra ID user field such as department, jobTitle, employeeType, etc., you can directly set and update its value from the Entra ID Portal UI by simply editing the user profile — no Graph API needed.
Choose your mapping based on what's more convenient for your workflow, keeping in mind that core fields may already be in use for their intended purpose in some client environments.
7. Click Ok and then Save at the top of the screen.
We have now mapped the Birdeye role with Employee Type. Whatever value you set for Employee Type will become that user's role in Birdeye.
Note: The source attribute you map to in Entra ID must contain one of the exact Birdeye role values (e.g., owner, admin, guest, guest +). If you utilize custom roles in Birdeye, the mapped source attribute must match the exact spelling and casing of the custom role used in Birdeye. If a role is not explicitly passed or matched for a user, their default role in Birdeye will automatically be set to guest.
Create a new User in Entra ID
Adding a newly created user in Birdeye
Go to Enterprise Application -> Birdeye Application -> Users and groups.
Click on Add user/group.
Click on “None Selected”, a popup will appear. Add user or group.
Click on Assign.
Now it will be automatically provisioned in Birdeye when a provision Job will run. Provisioning job runs typically every 40 mins cycle. But if you want to instantly provision the user/group then you can use provision on demand option.
Step 4: Group Management and Location Access
In Birdeye, access to specific business locations is controlled by Location Groups. You can manage which locations a user has access to by assigning them to Entra ID groups and provisioning those groups to Birdeye.
IMPORTANT GUIDELINES FOR GROUPS:
Enable Group Provisioning: In the Provisioning > Mappings section, ensure that Provision Azure Active Directory Groups is enabled.
Mapping: Entra ID groups map directly to Birdeye location groups. You can view your location groups inside Birdeye by navigating to Settings > Account > Groups.
Exact Name Match: Before provisioning any group from Entra ID to Birdeye, the group must already be present inside Birdeye with the EXACT same Name.
Location Access: When a user is assigned to a provisioned group in Entra ID, they will automatically be given access to all the corresponding Birdeye locations associated with that group inside the Birdeye platform.
Default Access (No Group): If a user is not part of any synced group in Entra ID, they will be provisioned as an enterprise user and granted access to all locations by default.
Limitations: Group creation, editing, or deletion inside Birdeye cannot be performed via Entra ID. Entra ID only manages the assignment of users to existing Birdeye groups.