
One of the biggest problems of modern Identity Governance is the lack of connectivity between IGA platforms and enterprise applications that lack SCIM provisioning. While Microsoft Entra ID is becoming more popular for identity lifecycle management, this disconnect creates a "Visibility Gap" where access cannot be verified or governed centrally. Today, we are evolving how organizations manage their "unreachable" applications.
We are proud to launch our Native Reconciliation Flow for Microsoft Entra ID – an extension of our enterprise flow and the first closed-loop integration designed to handle the entire setup of SCIM provisioning for SCIM-less applications, from "completely disconnected" to "verified source of truth".
The evolution: From connectivity to verification
To understand the impact of this launch, we must look at the two distinct layers of management now available for any application, including SCIM-less or API-less ones.
Layer 1: Provisioning & Deprovisioning (The "Action" Layer)
Our platform has long solved the "Connectivity Gap" by serving as a bridge between Entra ID and any target application, including those without native SCIM or API support, through our proprietary agent integration.
This layer handles the Action: when a user is hired or changes roles in Entra, we automate the creation or removal of their account in the target app, ensuring the manual "hand-offs" and tickets are a thing of the past.
Layer 2: Native Reconciliation (The "Intelligence" Layer)
Our new Native Reconciliation Flow adds the Verification layer. Instead of just sending a command, StackBob now enables full reconciliation in Entra, including initial reconciliation from the target application to create all necessary groups and assign all users natively within the directory, as well as continuous reconciliation. This closes the loop by:
- Configuration drift detection
If an admin makes a manual change directly inside an app (bypassing Entra), reconciliation identifies it immediately.
- Compliance verification
It provides documented proof that the access granted in Entra is exactly what exists in the application.
- Granular visibility
It reads the "actual state" of the app, ensuring that orphaned accounts or unauthorized permissions are surfaced and remediated.
Solving the group architecture challenge
One of the most significant barriers to effective IGA is the sheer effort required to bring a new application under governance. Traditional methods often turn the initial sync into a grueling project of mapping spreadsheets and cleaning data. StackBob removes this friction by automating the ingestion of identities and group permissions directly within Entra ID, handling fine-grained access levels and license types at a scale that is technically exhausting to maintain by hand. This level of automation ensures users have exactly the permissions they need (and nothing more), eliminating the human error inherent in manual mapping.
With this release, StackBob automates the heavy lifting of first-time reconciliation and continuously detects rogue accounts, closing a critical governance gap.

This approach allows using groups natively or embedding them in a way that keeps your end-to-end flow clean and documented, preventing the common mistake of "blindly pushing" groups without understanding the fine-grained permission mapping underneath.
Why this matters for your IGA strategy
Solving the connectivity gap is about more than just convenience – it’s about closing the loop on security and compliance. By integrating disconnected apps into your Entra environment, you achieve:
- Rapid deprovisioning
Ensure that when a user is offboarded in Entra, their access is truly revoked across the entire web stack, not just the apps that support SCIM.
- Audit readiness
Automatically generate reports proving that access in SCIM-less apps matches your central identity policy.
- Reduced operational overhead
Eliminate the spreadsheets and manual "staring and comparing" usually required to verify access in SCIM/API-less systems.
- Zero trust extension
Extend your Zero Trust principles to applications that were previously technically impossible to govern.
Scaling the Ecosystem
This launch marks the first milestone in our mission to provide a universal reconciliation plane. We are committed to expanding this "closed-loop" capability to all major Identity Providers, ensuring that no matter which directory you use, your legacy stack and API-less applications remain fully governed and audit-ready.