Integration Guide

SCIM Provisioning

Automate user provisioning and deprovisioning with SCIM 2.0 integration. Connect OAuth42 with your identity provider for seamless user lifecycle management.

What is SCIM?

SCIM (System for Cross-domain Identity Management) is an open standard for automating the exchange of user identity information between identity domains or IT systems.

OAuth42's SCIM 2.0 implementation allows you to:

  • Automate user provisioning - Automatically create user accounts when new employees join
  • Sync user attributes - Keep user profiles up-to-date across systems
  • Manage group memberships - Automatically add/remove users from groups
  • Deprovision users - Automatically deactivate accounts when employees leave

Setting Up SCIM

1

Generate SCIM Token

First, generate a SCIM bearer token in your OAuth42 dashboard:

  1. Log in to the OAuth42 Dashboard
  2. Navigate to Settings → Integrations → SCIM
  3. Click "Generate SCIM Token"
  4. Save the token securely (you won't be able to view it again)
2

Configure Your Identity Provider

Configure your identity provider (Okta, Azure AD, Google Workspace, etc.) to use OAuth42's SCIM endpoints:

SCIM Endpoint Configuration:

https://api.oauth42.com/scim/v2
Bearer <your-scim-token>
3

Test the Integration

Verify that your SCIM integration is working correctly:

  1. Create a test user in your identity provider
  2. Verify the user appears in your OAuth42 dashboard
  3. Update the user's attributes (email, name, etc.)
  4. Confirm changes are reflected in OAuth42
  5. Deactivate the user and verify they're deactivated in OAuth42

Supported Identity Providers

Okta

Full SCIM 2.0 support with automatic user provisioning and group sync.

Okta SCIM Guide

Azure Active Directory

Enterprise-grade integration with Microsoft 365 and Azure AD.

Azure AD SCIM Guide

Google Workspace

Seamless integration with Google's identity platform.

Google SCIM Guide

OneLogin

Complete SCIM 2.0 implementation with advanced attribute mapping.

OneLogin SCIM Guide

SCIM API Reference

OAuth42 implements SCIM 2.0 endpoints for user and group management:

GET /scim/v2/UsersList users

Retrieve a list of users with optional filtering and pagination.

POST /scim/v2/UsersCreate user

Create a new user with specified attributes.

PATCH /scim/v2/Users/:idUpdate user

Update user attributes using SCIM PATCH operations.

DELETE /scim/v2/Users/:idDelete user

Deactivate or remove a user from the system.

View Complete API Documentation

Troubleshooting

Authentication Failures

If you're seeing 401 Unauthorized errors:

  • Verify your SCIM token is correctly configured in your IdP
  • Ensure the token hasn't expired (tokens are valid for 1 year)
  • Check that the Authorization header uses "Bearer" prefix

Users Not Syncing

If users aren't being created or updated:

  • Verify SCIM provisioning is enabled in your IdP
  • Check attribute mappings match OAuth42's schema
  • Review SCIM logs in your dashboard for error details
  • Ensure required fields (email, username) are being sent

Need Help?

Our support team is here to assist with SCIM integration:

Contact Support

Related Documentation

API Reference

Complete reference for all OAuth42 APIs

Security Best Practices

Learn how to secure your SCIM integration

Tutorials

Step-by-step guides for common scenarios