SCIM Provisioning

SCIM provisioning is configured through the Enterprise Identity Setup wizard for organization owners and admins and remains organization-scoped.

---

Current Availability

Open the wizard from Settings → Enterprise → Enterprise Identity Setup or go directly to /settings/enterprise/identity-setup in the web app.

---

What The Current Integration Supports

When SCIM is enabled for an organization, the backend supports:

• Provisioning users into the current organization
• Updating user profile data from the identity provider
• Deactivating or reactivating access based on SCIM lifecycle events
• Applying default role-template behavior where that configuration has been set up
• Recording provisioning activity in SCIM-specific audit logs

The current implementation also supports org-scoped provisioning behavior such as auto-activation and deprovision handling.

---

Admin Expectations

• Configure SSO first, then enable optional SCIM provisioning in the same wizard.
• Copy the SCIM base URL and bearer token when the wizard generates them. The token is shown only once.
• Use your identity provider's test provisioning action, then return to the wizard to refresh SCIM status and logs.
• Review the resulting members and employee records in Employee Management.

---

Operational Notes

• SCIM is an enterprise integration and should be rolled out carefully per organization.
• Provisioned users may be auto-activated or may require follow-up review depending on the organization's configured behavior.
• Deprovisioning behavior can suspend access or deactivate the employee record depending on how the integration was configured.