Manage users and groups from your identify provider.
Enterprise plan subscribers with SAML SSO enabled can opt to enable SCIM for their workspace. SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning.
If you have SAML SSO enabled with a supported identity provider, you can contact us to get SCIM enabled for your workspace.
Contact us to upgrade to the Enterprise plan and enable SAML SSO.
To configure SCIM, you'll need to add a Token and URL to your SCIM provider.
The SCIM token is the same as the API access token in Secoda. As an Admin, you can self generate it by navigating to Settings page, and clicking on API under the Workspace heading. The SCIM URL is
If you have a custom Secoda domain, the SCIM URL will be https://your-custom-domain.secoda.co/api/v1/auth/scim
Follow the directions below for your identity provider to setup the SCIM integration.
- In the Okta admin pages, open the Secoda application you have for SAML 2.0
- In the General tab, click Edit and choose SCIM in the Provisioning section and Save
- In the Provisioning tab, enter the https://app.secoda.co/api/v1/auth/scim
- For the Unique identifier field for users section enter email
- For Supported provisioning actions you can enable "Import New Users and Profile Updates", "Push New Users" and "Push Profile Updates", "Push and Import for Groups".
- For Authentication mode field, choose HTTP Header and enter your Bearer token generated from your API settings in Secoda. You can now test the configuration and save
- In OneLogin's Admin panel > Applications, click Add App
- Search for the "SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)" app and add
- Click on the Configuration tab and add your SCIM base URL as https://app.secoda.co/api/v1/auth/scim and the Bearer token generated from your API settings in Secoda.
- Click on the Provisioning tab and Enable Provisioning
- Save your App