Manage seats via SCIM using Microsoft Entra ID
In this guide, you'll learn how to manage seats in Figma using Microsoft Entra ID—formerly known as Azure Active Directory or Azure AD. To get started, follow the steps below:
- Configure app roles for the Figma Entra Gallery app
- Add the roles attribute to Figma schema
- Configure the roles attribute
- Set up security groups
- Map security groups to app roles
- Test user provisioning
Caution: Make sure you have installed the Figma application from the Microsoft Entra Gallery. Creating your own custom application won't work for this process.
Configure app roles for Figma Entra Gallery app
- Go to the Figma Enterprise App Template in Entra ID under App registrations. You may have to select the ‘All applications’ tab to find Figma.
- Navigate to the App Roles section.
- Create a new app role called Figma Full, set the allowed member type to users/groups, set the Value to Full and add a description.
- Click Apply to save the app role.
- Repeat this process for the other three App Roles for a total of four new app roles.
Display Name | Allowed Member Type | Value | Description |
---|---|---|---|
Figma Full | User/Groups | Full | Full access to Figma’s product suite |
Figma Dev | User/Groups | Dev | Developer focused access of Figma’s products |
Figma Collab | User/Groups | Collab | Collaboration access of Figma’s products |
Figma View | User/Groups | View | View and comment access only |
Add custom attributes
- You must enable the creation of custom attributes for the Figma Application on Microsoft Entra ID. To do so, use the following link to open the Microsoft Entra ID portal with the schema fully enabled: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null
- Open the Figma Enterprise App.
- Navigate to the Provisioning section.
- Click Edit attribute mappings.
- Expand the Mappings section and select Provision Azure Active Directory Users.
- Scroll to the bottom of the page and select Show advanced options.
- Select Edit attribute list for Figma. If these options are not available to you, open the Microsoft Entra ID portal using the URL from the first step of this section, which loads the portal with the schema fully enabled.
- Add a custom attribute called roles, set the data type to string and enable multi-value.
- Save the new configuration.
Configure the roles attribute
- Open the Figma Enterprise App.
- Navigate to the Provisioning section.
- Click Edit attribute mappings.
- Expand Mappings and select Provision Azure Active Directory Users.
- Click Add New Mapping.
- Set the Mapping type to Expression and set the Expression to AppRoleAssignmentsComplex([appRoleAssignments]).
- Set the Target attribute to roles and set Apply this mapping to Always.
- Click OK to save.
Set up security groups
- Navigate to Groups.
- Create a New group called Figma Full.
- Click Create to save the security group.
- Repeat this process for the other three security groups for a total of four new groups.
These are suggested groups based on Figma’s best practices:
Group Name | Group Type | Group Description |
---|---|---|
Figma Full | Security | Full access to Figma’s product suite |
Figma Dev | Security | Developer focused access of Figma’s products |
Figma Collab | Security | Collaboration access of Figma’s products |
Figma View | Security | View and comment access only |
- Assign users to the four security groups.
Map Security Groups to App Roles
- Open the Figma Enterprise App.
- Navigate to Users and groups.
- Click Add user/group.
- Set the Users and groups to the group Figma Full.
- Set the Select a role to the app role Figma Full.
- Click Assign.
- Repeat this process for the other three Security Groups and App Roles.
Security Group | App Roles |
---|---|
Figma Full | Figma Full |
Figma Dev | Figma Dev |
Figma Collab | Figma Collab |
Figma View | Figma View |
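A check that can be run before testing provisioning, as an added example that is not part of Figma's or Microsoft's documentation: it compares the app roles and the group-to-role assignments against the tables in this guide and reports any mismatch, such as the Figma View group being mapped to the Figma Full role. The field names follow the Microsoft Graph appRole and appRoleAssignment resources; the IDs and sample rows are constructed, and fetching the data from Graph is assumed to happen elsewhere.

```python
# Added example: audit Figma app-role assignments against the guide's mapping tables.
# Input shapes follow Microsoft Graph (application.appRoles and the service
# principal's appRoleAssignedTo list); all IDs and rows below are constructed.

EXPECTED_VALUES = {"Figma Full": "Full", "Figma Dev": "Dev",
                   "Figma Collab": "Collab", "Figma View": "View"}

def audit(app_roles, assignments):
    """Return a sorted list of findings; an empty list means the setup matches the guide."""
    findings = []
    by_id = {r["id"]: r for r in app_roles}
    by_name = {r["displayName"]: r for r in app_roles}
    for name, value in EXPECTED_VALUES.items():
        role = by_name.get(name)
        if role is None:
            findings.append(f"missing app role: {name}")
        elif role["value"] != value:
            findings.append(f"{name}: value is {role['value']!r}, expected {value!r}")
        elif "User" not in role["allowedMemberTypes"]:
            findings.append(f"{name}: not assignable to users/groups")
    assigned_groups = set()
    for a in assignments:
        role = by_id.get(a["appRoleId"])
        role_name = role["displayName"] if role else "<unknown role>"
        principal = a["principalDisplayName"]
        if a["principalType"] == "Group" and principal in EXPECTED_VALUES:
            assigned_groups.add(principal)
            if role_name != principal:  # the guide maps each group to the same-named role
                findings.append(f"group {principal} is mapped to {role_name}")
    for name in EXPECTED_VALUES:
        if name not in assigned_groups:
            findings.append(f"group {name} has no app role assignment")
    return sorted(findings)

# Constructed sample: Figma View group mapped to the Full role, Collab value mistyped.
SAMPLE_ROLES = [
    {"id": "r-full", "displayName": "Figma Full", "value": "Full", "allowedMemberTypes": ["User"]},
    {"id": "r-dev", "displayName": "Figma Dev", "value": "Dev", "allowedMemberTypes": ["User"]},
    {"id": "r-collab", "displayName": "Figma Collab", "value": "collab", "allowedMemberTypes": ["User"]},
    {"id": "r-view", "displayName": "Figma View", "value": "View", "allowedMemberTypes": ["User"]},
]
SAMPLE_ASSIGNMENTS = [
    {"principalDisplayName": "Figma Full", "principalType": "Group", "appRoleId": "r-full"},
    {"principalDisplayName": "Figma Dev", "principalType": "Group", "appRoleId": "r-dev"},
    {"principalDisplayName": "Figma View", "principalType": "Group", "appRoleId": "r-full"},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ROLES, SAMPLE_ASSIGNMENTS)))
```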
Test user provisioning
Note: Before testing your mapping, remember to assign a test user to one of the groups.
- Open the Figma Enterprise App.
- Navigate to the Provisioning section.
- Click Provision on demand.
- Select a user to test provisioning with.
- Click Provision.