What is SCIM used for?

I am new. Where should I start?

Purpose

This section explains what SCIM is used for and how it helps organizations manage user identities automatically across systems.

SCIM focuses on user lifecycle management, not authentication.

Scope

This guide applies to:

  • Business and enterprise accounts

  • Organizations using an external Identity Provider (IdP)

  • Automated user provisioning and de-provisioning

SCIM is commonly used with:

  • Azure AD (Microsoft Entra ID)

  • Okta

  • Google Workspace

  • Other SCIM-compatible IdPs

Prerequisites

Before using SCIM, ensure that:

  • You have a Business or Organization account

  • You have administrator privileges

  • You use an Identity Provider that supports SCIM

  • You can generate and store a SCIM access token securely

Overview

SCIM enables organizations to:

  • Automatically create users in applications

  • Update user profiles and attributes

  • Manage group membership and roles

  • Deactivate users when access is no longer required

SCIM works alongside OAuth 2.0 and OIDC but serves a different purpose.

What SCIM Is Used For

  • Automated user provisioning

  • Automated user de-provisioning

  • Profile and attribute synchronization

  • Group and role management

  • Centralized identity governance

What SCIM Is Not Used For

  • User sign-in or authentication

  • Password management

  • MFA verification

  • Token issuance

I already understand. How do I proceed step by step?

Step 1: Prepare Your Identity Provider

In your Identity Provider:

  1. Enable SCIM provisioning

  2. Select the application you want to integrate

  3. Configure user and group provisioning options

Step 2: Generate a SCIM Access Token

In the platform:

  1. Navigate to Organization Settings

  2. Open Identity & Provisioning

  3. Generate a SCIM access token

  4. Store the token securely

This token authorizes your IdP to manage users.

Step 3: Configure SCIM in the Identity Provider

In your IdP:

  1. Enter the SCIM base URL provided by the platform

  2. Paste the SCIM access token

  3. Test the connection

Step 4: Enable Provisioning

Enable one or more of the following:

  • Create users

  • Update user attributes

  • Deactivate users

  • Sync groups and roles

Once enabled, changes in the IdP are automatically applied.

Step 5: Manage Users Automatically

After setup:

  • New users are created automatically

  • Attribute changes are synced

  • Disabled users lose access immediately

No manual intervention is required.

Additional Notes

  • SCIM follows the IdP as the source of truth

  • Manual changes in the application may be overwritten

  • De-provisioned users cannot sign in

  • SCIM events are logged for audit purposes

Summary

  • SCIM automates user lifecycle management

  • It reduces manual user administration

  • It improves security and compliance

  • It complements OAuth and OIDC authentication flows

PreviousSCIM – Automated user and workspace provisioningNextUser Lifecycle management

Last updated