> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/user-guide/organization-admin-app/scim-automated-user-and-workspace-provisioning/what-is-scim-used-for.md).

# What is SCIM used for?

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

#### Purpose <a href="#purpose" id="purpose"></a>

This section explains what SCIM is used for and how it helps organizations manage user identities automatically across systems.

SCIM focuses on **user lifecycle management**, not authentication.

***

#### Scope <a href="#scope" id="scope"></a>

This guide applies to:

* Business and enterprise accounts
* Organizations using an external Identity Provider (IdP)
* Automated user provisioning and de-provisioning

SCIM is commonly used with:

* Azure AD (Microsoft Entra ID)
* Okta
* Google Workspace
* Other SCIM-compatible IdPs

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before using SCIM, ensure that:

* You have a Business or Organization account
* You have administrator privileges
* You use an Identity Provider that supports SCIM
* You can generate and store a SCIM access token securely

***

#### Overview <a href="#overview" id="overview"></a>

SCIM enables organizations to:

* Automatically create users in applications
* Update user profiles and attributes
* Manage group membership and roles
* Deactivate users when access is no longer required

SCIM works alongside OAuth 2.0 and OIDC but serves a different purpose.

***

#### What SCIM Is Used For <a href="#what-scim-is-used-for" id="what-scim-is-used-for"></a>

* Automated user provisioning
* Automated user de-provisioning
* Profile and attribute synchronization
* Group and role management
* Centralized identity governance

***

#### What SCIM Is Not Used For <a href="#what-scim-is-not-used-for" id="what-scim-is-not-used-for"></a>

* User sign-in or authentication
* Password management
* MFA verification
* Token issuance

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### Step 1: Prepare Your Identity Provider <a href="#step-1-prepare-your-identity-provider" id="step-1-prepare-your-identity-provider"></a>

In your Identity Provider:

1. Enable SCIM provisioning
2. Select the application you want to integrate
3. Configure user and group provisioning options

***

#### Step 2: Generate a SCIM Access Token <a href="#step-2-generate-a-scim-access-token" id="step-2-generate-a-scim-access-token"></a>

In the platform:

1. Navigate to **Organization Settings**
2. Open **Identity & Provisioning**
3. Generate a SCIM access token
4. Store the token securely

This token authorizes your IdP to manage users.

***

#### Step 3: Configure SCIM in the Identity Provider <a href="#step-3-configure-scim-in-the-identity-provider" id="step-3-configure-scim-in-the-identity-provider"></a>

In your IdP:

1. Enter the SCIM base URL provided by the platform
2. Paste the SCIM access token
3. Test the connection

***

#### Step 4: Enable Provisioning <a href="#step-4-enable-provisioning" id="step-4-enable-provisioning"></a>

Enable one or more of the following:

* Create users
* Update user attributes
* Deactivate users
* Sync groups and roles

Once enabled, changes in the IdP are automatically applied.

***

#### Step 5: Manage Users Automatically <a href="#step-5-manage-users-automatically" id="step-5-manage-users-automatically"></a>

After setup:

* New users are created automatically
* Attribute changes are synced
* Disabled users lose access immediately

No manual intervention is required.

***

#### Additional Notes <a href="#additional-notes" id="additional-notes"></a>

* SCIM follows the IdP as the source of truth
* Manual changes in the application may be overwritten
* De-provisioned users cannot sign in
* SCIM events are logged for audit purposes

***

#### Summary <a href="#summary" id="summary"></a>

* SCIM automates user lifecycle management
* It reduces manual user administration
* It improves security and compliance
* It complements OAuth and OIDC authentication flows
