SCIM User Provisioning
Automate user lifecycle management with SCIM 2.0 (System for Cross-domain Identity Management).
Enterprise Feature
SCIM provisioning is available on Enterprise plans.
What SCIM Does
- Auto-create users when added to your IdP group
- Auto-deactivate users when removed from your IdP
- Sync profile updates (name, email changes)
- Manage workspaces via group assignments
Setup
1. Generate a SCIM Token
- Go to Settings > SCIM Provisioning
- Click Generate Token
- Copy the token (it's shown only once)
- Note the SCIM Base URL
2. Configure Your Identity Provider
Use the SCIM Base URL and token in your IdP's SCIM connector settings:
- Base URL:
https://api.surestage.com/scim/v2 - Authentication: Bearer token
- Supported operations: Users (Create, Read, Update, Delete), Groups
3. Test the Connection
Most IdPs have a "Test Connection" button. Verify:
- User listing works
- User creation works
- User deactivation works
User Lifecycle
Attribute Mapping
| SCIM Attribute | SureStage Field |
|---|---|
userName | Email address |
name.givenName | First name |
name.familyName | Last name |
active | Account status |
externalId | IdP user identifier |