# What is SCIM used for?

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

#### Purpose <a href="#purpose" id="purpose"></a>

This section explains what SCIM is used for and how it helps organizations manage user identities automatically across systems.

SCIM focuses on **user lifecycle management**, not authentication.

***

#### Scope <a href="#scope" id="scope"></a>

This guide applies to:

* Business and enterprise accounts
* Organizations using an external Identity Provider (IdP)
* Automated user provisioning and de-provisioning

SCIM is commonly used with:

* Azure AD (Microsoft Entra ID)
* Okta
* Google Workspace
* Other SCIM-compatible IdPs

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before using SCIM, ensure that:

* You have a Business or Organization account
* You have administrator privileges
* You use an Identity Provider that supports SCIM
* You can generate and store a SCIM access token securely

***

#### Overview <a href="#overview" id="overview"></a>

SCIM enables organizations to:

* Automatically create users in applications
* Update user profiles and attributes
* Manage group membership and roles
* Deactivate users when access is no longer required

SCIM works alongside OAuth 2.0 and OIDC but serves a different purpose.

***

#### What SCIM Is Used For <a href="#what-scim-is-used-for" id="what-scim-is-used-for"></a>

* Automated user provisioning
* Automated user de-provisioning
* Profile and attribute synchronization
* Group and role management
* Centralized identity governance

***

#### What SCIM Is Not Used For <a href="#what-scim-is-not-used-for" id="what-scim-is-not-used-for"></a>

* User sign-in or authentication
* Password management
* MFA verification
* Token issuance

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### Step 1: Prepare Your Identity Provider <a href="#step-1-prepare-your-identity-provider" id="step-1-prepare-your-identity-provider"></a>

In your Identity Provider:

1. Enable SCIM provisioning
2. Select the application you want to integrate
3. Configure user and group provisioning options

***

#### Step 2: Generate a SCIM Access Token <a href="#step-2-generate-a-scim-access-token" id="step-2-generate-a-scim-access-token"></a>

In the platform:

1. Navigate to **Organization Settings**
2. Open **Identity & Provisioning**
3. Generate a SCIM access token
4. Store the token securely

This token authorizes your IdP to manage users.

***

#### Step 3: Configure SCIM in the Identity Provider <a href="#step-3-configure-scim-in-the-identity-provider" id="step-3-configure-scim-in-the-identity-provider"></a>

In your IdP:

1. Enter the SCIM base URL provided by the platform
2. Paste the SCIM access token
3. Test the connection

***

#### Step 4: Enable Provisioning <a href="#step-4-enable-provisioning" id="step-4-enable-provisioning"></a>

Enable one or more of the following:

* Create users
* Update user attributes
* Deactivate users
* Sync groups and roles

Once enabled, changes in the IdP are automatically applied.

***

#### Step 5: Manage Users Automatically <a href="#step-5-manage-users-automatically" id="step-5-manage-users-automatically"></a>

After setup:

* New users are created automatically
* Attribute changes are synced
* Disabled users lose access immediately

No manual intervention is required.

***

#### Additional Notes <a href="#additional-notes" id="additional-notes"></a>

* SCIM follows the IdP as the source of truth
* Manual changes in the application may be overwritten
* De-provisioned users cannot sign in
* SCIM events are logged for audit purposes

***

#### Summary <a href="#summary" id="summary"></a>

* SCIM automates user lifecycle management
* It reduces manual user administration
* It improves security and compliance
* It complements OAuth and OIDC authentication flows


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/user-guide/business-account/scim-automated-user-and-workspace-provisioning/what-is-scim-used-for.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.