Provision users via SCIM 2.0

Enable SCIM endpoint, map attributes, and sync groups to roles.

25 min Intermediate IT Admin, Identity Engineer Updated Sep 19, 2025

View App All Guides

Overview

Enable SCIM endpoint, map attributes, and sync groups to roles.

Prerequisites

IdP with SCIM support (Okta/Azure AD/Auth0)

Permissions required

iam:configure users:manage connections:write

Downloads & Templates

SCIM attribute mapping

Spec

Steps (4)

Estimated: 25 min

1

Enable SCIM

IT Admin 5 min Back to top

Settings → Provisioning → Enable SCIM. Generate bearer token and copy SCIM base URL.

Tips

—

Validation

—

Success criteria

—
2

Configure IdP app

Identity 10 min Back to top

In your IdP, add SCIM app. Paste endpoint and token; set user and group mappings.

Tips

—

Validation

—

Success criteria

—
3
Map groups → roles

Security 5 min Back to top

Define mapping rules so IdP groups grant AccessGuard roles.
Tips

—

Validation

—
Success criteria

Pushed test user appears with correct role within 1–2 minutes.
4

Deprovisioning test

IT Admin 5 min Back to top

Disable user in IdP; verify AccessGuard disables account and revokes sessions.

Tips

—

Validation

—

Success criteria

—

About this guide

AccessGuard secures apps and external sites with hosted authentication and short-lived JWTs. Enable MFA, define RBAC permissions, and connect enterprise identity via SAML or OIDC. A lightweight HMAC bridge lets you embed login, registration, and token refresh flows on any domain without CORS pain.

Admins manage users, sessions, connections, and policies from one console. Profiles consolidate verified emails/phones, consents, KYC docs, and risk flags. Events and metrics provide visibility for security and ops.

Designed for velocity and safety: opinionated defaults, least-privilege keys, Prometheus counters, and exportable audit logs.

Provision users via SCIM 2.0

Overview

Downloads & Templates

Enable SCIM

Configure IdP app

Map groups → roles

Deprovisioning test

About this guide