Using SCIM to Provision Users and Groups

This functionality requires an appropriate pricing plan.

ProcedureFlow's support of SCIM is currently validated with Microsoft Entra ID (formerly Azure Active Directory), Okta, and OneLogin . Please contact us if you are looking for support of other identify providers.

SCIM (System for Cross-domain Identity Management) is a standardized protocol used by leading identity providers that allows companies to centralize user management and ensure users are properly added and removed from third-party software products (like ProcedureFlow).

SCIM users are the individuals who need access to various applications. Each user has a unique identifier in SCIM which allows them to be provisioned (created and added to multiple systems), de-provisioned (deleted or deactivated) or updated. 

A SCIM group is a collection of users who share permissions or access rights. Groups allow identity administrators to manage permissions and access policies more efficiently by associating users with predefined roles or scopes.

At a high-level, the procedure is as follows:

1. Create a group in the SCIM identity provider and sync with ProcedureFlow. The group will then be available in the ProcedureFlow Admin Dashboard.
2. The ProcedureFlow Admin assigns roles to the entry points for that group.
3. The users assigned to that group (and any new users later added to the group) will get those permissions.

Configuring ProcedureFlow for Automated Provisioning

Refer to the instructions specific to your identity provider:

• Microsoft Entra ID
• Okta
• generic Identity Provider or custom implementation

Once your Identity Provider is configured, configure SCIM group permissions to assign entry point permissions to groups in ProcedureFlow.