SCIM (System for Cross-domain Identity Management) lets you automatically provision and deprovision organization members from your identity provider (IdP). When you assign a user in your IdP, they’re created in Strada. When you remove them, they’re deactivated. Navigate to Settings > Organization > SCIM Provisioning to configure.

Setting Up SCIM

Click Set Up SCIM and select your identity provider:
  • Okta
  • Microsoft Entra ID
  • JumpCloud
  • OneLogin
  • CyberArk
  • PingFederate
  • Rippling
  • Generic SCIM
Optionally add a Display Name to identify the connection, then click Create Connection. After creation, you’ll see a Base URL and Bearer Token. Copy both immediately and configure them in your IdP’s SCIM app settings. The bearer token cannot be viewed again after closing the dialog.

Connection Details

Once configured, the SCIM Connection card shows:
  • Status - The connection status (e.g., active)
  • Identity Provider - The IdP you selected
  • Base URL - The SCIM endpoint your IdP should call (click to copy)
  • Bearer Token - Masked, showing only the last four characters

Group-to-Role Mapping

Map IdP groups to Strada roles so members automatically receive the correct permissions when provisioned. Select a group from your IdP, choose a Strada role, and click the + button to add the mapping. Click Save Mappings to persist changes. Groups appear after your IdP pushes them via SCIM. All roles except Strada Admin can be assigned through group mappings.

Rotating the Bearer Token

Click Rotate Token to generate a new bearer token. During rotation, the current token remains active so you can update your IdP without downtime.
  1. Click Start Rotation to generate the new token
  2. Copy the new token and update your IdP configuration
  3. Click Complete Rotation to deactivate the old token
You can also Cancel Rotation to discard the new token and keep using the current one.
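
A pre-check for step 3, as an added example (not Strada's own code): it probes the Base URL with each token so you can confirm the new token is accepted before clicking Complete Rotation, and that the old one is rejected afterwards. It assumes the Base URL serves the standard SCIM 2.0 `/Users` list endpoint from RFC 7644; the environment variable names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.request

LIST_URN = "urn:ietf:params:scim:api:messages:2.0:ListResponse"  # RFC 7644 list reply


def build_probe(base_url, token):
    """Smallest authenticated read: ask for a single user (assumed standard /Users)."""
    url = base_url.rstrip("/") + "/Users?startIndex=1&count=1"
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/scim+json",
    })


def check_token(base_url, token, timeout=10.0):
    """Return 'accepted', 'rejected' (HTTP 401/403) or 'error' (anything else)."""
    try:
        with urllib.request.urlopen(build_probe(base_url, token), timeout=timeout) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as exc:
        return "rejected" if exc.code in (401, 403) else "error"
    except (OSError, ValueError):  # unreachable host, TLS failure, non-JSON reply
        return "error"
    # Only a SCIM list response counts as success, not any 200 (e.g. a login page).
    if isinstance(body, dict) and LIST_URN in body.get("schemas", []):
        return "accepted"
    return "error"


def rotation_state(base_url, old_token, new_token):
    """Map the two probe results onto the rotation steps described above."""
    new = check_token(base_url, new_token)
    old = check_token(base_url, old_token)
    if new != "accepted":
        return "do-not-complete"      # completing now would cut the IdP off
    if old == "accepted":
        return "ready-to-complete"    # both tokens live: rotation in progress
    if old == "rejected":
        return "completed"            # old token is dead, new one works
    return "unknown"


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps tokens
    # out of shell history and process listings.
    env = os.environ
    print(rotation_state(env["SCIM_BASE_URL"], env["SCIM_OLD_TOKEN"], env["SCIM_NEW_TOKEN"]))
```

The probe confirms the token value is valid at the endpoint, not that your IdP has been switched to it; check the IdP's provisioning log for a successful sync with the new token as well.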

Deleting the Connection

Click Delete Connection to remove the SCIM integration. This stops new provisioning and deprovisioning, but existing members are not affected.

Visibility

SCIM Provisioning is only visible to Admin, IT Admin, and Executive roles. Creating, configuring, and deleting connections requires Admin or IT Admin.