Articles in this section

How to set up SCIM

About this article

This article provides an overview of SCIM (automatic user provisioning) and how to set it up.

 

Overview of SCIM

System for Cross-domain Identity Management (SCIM) is an industry-standard protocol for automating the exchange of user identity information between different domains or IT systems. The identity provider will automatically synchronize your data with Templafy, ensuring user and group information is always up to date. If you add or remove a user from your Active Directory (AD), the change will automatically provision or deprovision the user from Templafy.

 

 
  • Automatic provisioning will happen from the point of configuration, meaning all existing users on your Templafy tenant that are deleted from your Identity Provider prior to the setup of SCIM will not get deleted on your Templafy tenant after the SCIM configuration.
  • Email address is a unique identifier in Templafy and therefore cannot be updated. If the email address of an existing user is changed, it will create a new user in Templafy.

 

Update Frequency

The frequency at which SCIM runs in Microsoft Entra ID depends on the specific configuration and requirements of the organization. In typical setups, synchronization intervals are configured to synchronize every 35 to 40 minutes.

The frequency can be seen in MS Entra ID within the logs. Please note that stopping, pausing, or restarting does not affect the frequency and that the cycle is fixed on the time interval.

 

Known Limitations of SCIM

  • SCIM does not support nested AD Groups, only direct user membership
  • ADFS does not support SCIM
  • Okta does not support user deprovisioning via SCIM
  • "Microsoft's Entra ID currently can't provision null attributes. If an attribute is null on the user object, it will be skipped."
    • In practical terms, this means that if a particular Microsoft Entra ID user attribute is set to null or has no value when provisioning a new user account or updating an existing one, Microsoft will not handle it as expected; instead, it will ignore that attribute. This limitation is specific to Microsoft Entra ID SCIM and does not affect the authentication flow.
 

 

How to set up SCIM with Microsoft Entra ID

 

 

How to set up SCIM with Okta

 
authentication sso scim
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.