Manage seats via SCIM using Microsoft Entra ID

Who can use this feature

Available on the Enterprise plan

Organization admins only

In this guide, you'll learn how to manage seats in Figma using Microsoft Entra ID—formerly known as Azure Active Directory or Azure AD. To get started, follow the steps below:

1. Configure app roles for the Figma Entra Gallery app
2. Add the roles attribute to Figma schema
3. Configure the roles attribute
4. Set up security groups
5. Map security groups to app roles
6. Test user provisioning

Configure app roles for Figma Entra Gallery app

• Go to the Figma Enterprise App Template in Entra ID under App registrations. You may have to select the ‘All applications’ tab to find Figma.

• Navigate to the App Roles section.

• Create a new app role called Figma Full, set the allowed member type to users/groups, set the Value to Full and add a description.

• Click Apply to save the app role.
• Repeat this process for the other three App Roles for a total of four new app roles.

Display Name	Allowed Member Type	Value	Description
Figma Full	User/Groups	Full	Full access to Figma’s product suite
Figma Dev	User/Groups	Dev	Developer focused access of Figma’s products
Figma Collab	User/Groups	Collab	Collaboration access of Figma’s products
Figma View	User/Groups	View	View and comment access only

Add custom attributes

• You must enable the creation of custom attributes for the Figma Application on Microsoft Entra ID. To do so, use the following link to open the Microsoft Entra ID portal with the schema fully enabled: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null
• Open the Figma Enterprise App.

• Navigate to the Provisioning section.

• Click Edit attribute mappings.
• Expand the Mappings section and select Provision Azure Active Directory Users.

• Scroll to the bottom of the page and select Show advanced options.

• Select Edit attribute list for Figma. If these options are not available to you, open the Microsoft Entra ID portal using the following URL: Microsoft Entra ID portal with schema fully enabled.
• Add a custom attribute called roles, set the data type to string and enable multi-value.

• Save the new configuration.

Configure the roles attribute

• Open the Figma Enterprise App.

• Navigate to the Provisioning section.

• Click Edit attribute mappings.
• Expand Mappings and select Provision Azure Active Directory Users.

• Click Add New Mapping.

• Set the Mapping type to Expression and set the Expression to AppRoleAssignmentsComplex([appRoleAssignments]).

• Set the Target attribute to roles and set Apply this mapping to Always.

• Click OK to save.

Set up security groups

• Navigate to Groups.

• Create a New group called Figma Full.

• Click Create to save the security group.
• Repeat this process for the other three security groups for a total of four new groups.

These are suggested groups based on Figma’s best practices:

Group Name	Group Type	Group Description
Figma Full	Security	Full access to Figma’s product suite
Figma Dev	Security	Developer focused access of Figma’s products
Figma Collab	Security	Collaboration access of Figma’s products
Figma View	Security	View and comment access only

• Assign users to the four security groups.

Map Security Groups to App Roles

• Open the the Figma Enterprise App.

• Navigate to Users and groups.

• Click Add user/group.
• Set the Users and groups to the group Figma Full.

• Set the Select a role to the app role Figma Full.

• Click Assign.
• Repeat this process for the other three Security Groups and App Roles.

Security Group	App Roles
Figma Full	Figma Full
Figma Dev	Figma Dev
Figma Collab	Figma Collab
Figma View	Figma View

Test user provisioning

• Open the Figma Enterprise App.

• Navigate to the Provisioning section.

• Click Provision on demand.
• Select a user to test provisioning with.

• Click Provision.