diff --git a/management-account/terraform/locals.tf b/management-account/terraform/locals.tf
index 0b895ad8..51e75845 100644
--- a/management-account/terraform/locals.tf
+++ b/management-account/terraform/locals.tf
@@ -85,6 +85,13 @@ locals {
 azure_entraid_oidc = sensitive(jsondecode(data.aws_secretsmanager_secret_version.azure_entraid_oidc.secret_string))
 }
 
+ # Azure Auth Details
+ azure = {
+ tenant_id = jsondecode(data.aws_secretsmanager_secret_version.azure_aws_connectivity_details.secret_string)["AZURE_TENANT_ID"]
+ client_id = jsondecode(data.aws_secretsmanager_secret_version.azure_aws_connectivity_details.secret_string)["AZURE_CLIENT_ID"]
+ client_secret = jsondecode(data.aws_secretsmanager_secret_version.azure_aws_connectivity_details.secret_string)["AZURE_CLIENT_SECRET"]
+ }
+
 # Cost Allocation Tags
 active_tags = [
 "app.kubernetes.io/name",
diff --git a/management-account/terraform/secrets-manager.tf b/management-account/terraform/secrets-manager.tf
index 98dc5fd5..96ace326 100644
--- a/management-account/terraform/secrets-manager.tf
+++ b/management-account/terraform/secrets-manager.tf
@@ -86,3 +86,12 @@ data "aws_secretsmanager_secret_version" "azure_entraid_oidc" {
 secret_id = aws_secretsmanager_secret.azure_entraid_oidc.id
 }
 
+# Retrieving existing secret
+
+data "aws_secretsmanager_secret" "azure_aws_connectivity_details" {
+ name = "entra_id_aws_connectivity_details"
+}
+
+data "aws_secretsmanager_secret_version" "azure_aws_connectivity_details" {
+ secret_id = data.aws_secretsmanager_secret.azure_aws_connectivity_details.id
+}
diff --git a/management-account/terraform/sso-scim.tf b/management-account/terraform/sso-scim.tf
index 4e7b6347..e21acbff 100644
--- a/management-account/terraform/sso-scim.tf
+++ b/management-account/terraform/sso-scim.tf
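Review bot: `client_secret` in the new `azure` local is read out of the secret without `sensitive()`, unlike `azure_entraid_oidc` immediately above it, so any future reference to `local.azure.client_secret` outside the `sensitive()` wrapper in sso-scim.tf (an output, a resource argument, a `terraform console` session) prints the Entra client secret in plan output and CI logs. Marking the decoded secret as sensitive once, where it is parsed, keeps the protection with the value rather than with each caller, and also avoids running `jsondecode` three times on the same string. `tenant_id` and `client_id` are identifiers rather than secrets, so they could stay unmarked if plan readability matters; below they inherit sensitivity from the decoded object, which matches how the sibling is handled. The `locals` block begins and ends outside the hunk.
```hcl
  # Azure Auth Details, read from the pre-existing entra_id_aws_connectivity_details secret.
  # Decoded once and marked sensitive at the source so every reference inherits the marking.
  azure_aws_connectivity = sensitive(jsondecode(data.aws_secretsmanager_secret_version.azure_aws_connectivity_details.secret_string))
  azure = {
    tenant_id     = local.azure_aws_connectivity["AZURE_TENANT_ID"]
    client_id     = local.azure_aws_connectivity["AZURE_CLIENT_ID"]
    client_secret = local.azure_aws_connectivity["AZURE_CLIENT_SECRET"]
  }
```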
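Review bot: `# Retrieving existing secret` does not tell a reader of secrets-manager.tf where `entra_id_aws_connectivity_details` comes from or what it must contain — unlike `azure_entraid_oidc` above it, this secret has no `aws_secretsmanager_secret` resource in this diff, so it appears to be created out of band, and locals.tf indexes its JSON by fixed key names. A comment on the data source should record that contract, e.g. `# Pre-existing secret, created outside Terraform. JSON object with keys AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET, consumed in locals.tf; its value is read into state in plaintext, as with azure_entraid_oidc.`, so the next person to rotate or recreate it knows the expected key names and that state access must stay restricted. With no `version_stage` set, the version data source returns the AWSCURRENT value, which is presumably the intent and could be stated in the same comment.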
@@ -12,7 +12,7 @@ module "scim" {
 module "entraid_scim" {
 # tflint-ignore: terraform_module_pinned_source
 source = "github.com/ministryofjustice/moj-terraform-scim-entra-id"
- azure_tenant_id = "your-tenant-id"
- azure_client_id = "your-client-id"
- azure_client_secret = "your-client-secret"
+ azure_tenant_id = sensitive(local.azure.tenant_id)
+ azure_client_id = sensitive(local.azure.client_id)
+ azure_client_secret = sensitive(local.azure.client_secret)
 }
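Review bot: The three new arguments hand a live Entra client secret to a module whose `source` (the context line just above them, carrying a `tflint-ignore` for exactly this rule) has no `?ref=` pin, so whatever lands on that repository's default branch receives the credential on the next `terraform init -upgrade`. Placeholder strings were a tolerable state for an unpinned source; a real credential is not, so pin to a tag or commit, e.g. `source = "github.com/ministryofjustice/moj-terraform-scim-entra-id?ref=<tag-or-sha>"`, and drop the tflint-ignore. The `sensitive()` wrappers only mask the values in this root module's plan; whether the module itself declares `variable "azure_client_secret" { sensitive = true }` cannot be seen from here and should be confirmed, since an unmarked variable would be printed wherever the module interpolates it.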