Automate user provisioning with SCIM

Learn how to automate the creation, deletion, and updating of Alida users.

You can optionally configure user auto-provisioning to centrally manage Alida user account changes in your Identity Provider (IdP). Once provisioning is configured, changes to Alida users (creating, updating, and deleting user accounts) are managed by your IdP. For example, when you add a new user and assign them to a specific group in your IdP, they are automatically provisioned in Alida with the specific role and permissions you configured for a corresponding group in Alida. Similarly, when you remove a user from an IdP group, their Alida role and permissions are automatically removed.

Auto-provisioning significantly reduces the manual effort required to maintain user account information, and mitigates security risks from human error, by centralizing these changes in your IdP and automating user account maintenance for Alida.

System for Cross-domain Identity Management (SCIM) is an industry standard for managing user identities in cloud-based applications and services. SCIM automates the process of adding, updating, and deprovisioning users.

SCIM version 2.0 is required. It uses REST APIs and JSON to synchronize identity data across systems.

The following are the key components of SCIM provisioning:

  1. Identity Provider (IdP): The system that manages user identities and initiates the SCIM requests that manage them. Instructions for configuring Microsoft Azure, OneLogin, and Okta are included in this section.
  2. Alida platform: Alida is the service provider where user accounts are provisioned.
  3. SCIM Server: The Alida endpoint that receives and processes provisioning requests.
  4. SCIM Client: A feature of the IdP that sends SCIM requests to the service provider (Alida) to manage user accounts.
  5. SCIM API Endpoints: These are specific REST API URLs that process SCIM requests using standard HTTP methods over HTTPS. The SCIM specification defines primary endpoints for managing different resource types. The two most common and fundamental endpoints are /Users for managing individual user entries and /Groups for handling collections of users.
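
The following added example (not Alida's code or API) sketches the SCIM 2.0 exchange described above: the JSON bodies a SCIM client sends to /Users and /Groups, processed by a toy in-memory server so you can see a role appear and disappear with group membership. The schema URNs come from RFC 7643 and RFC 7644; the class `ToyScimServer`, the group ID, the role name, and the user IDs are hypothetical.

```python
import re

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

def user_body(user_name):
    """JSON body a SCIM client sends in POST /Users."""
    return {"schemas": [USER_SCHEMA], "userName": user_name, "active": True}

def member_patch(op, user_id):
    """JSON body of PATCH /Groups/{id} that adds or removes one member."""
    add = {"op": "add", "path": "members", "value": [{"value": user_id}]}
    remove = {"op": "remove", "path": f'members[value eq "{user_id}"]'}
    return {"schemas": [PATCH_SCHEMA], "Operations": [add if op == "add" else remove]}

class ToyScimServer:  # hypothetical in-memory stand-in for a SCIM server
    def __init__(self, group_roles):
        self.group_roles, self.users = group_roles, {}  # group id -> role; id -> user
        self.members = {g: set() for g in group_roles}  # group id -> member ids

    def post_user(self, body):
        if USER_SCHEMA not in body.get("schemas", []) or not body.get("userName"):
            return 400, None                            # malformed resource
        if any(u["userName"] == body["userName"] for u in self.users.values()):
            return 409, None                            # userName must be unique
        uid = f"u{len(self.users) + 1}"
        self.users[uid] = {**body, "id": uid}
        return 201, uid

    def patch_group(self, group_id, body):
        if group_id not in self.members:
            return 404
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400
        for op in body.get("Operations", []):
            kind, path = op.get("op", "").lower(), op.get("path", "")
            if kind == "add" and path == "members":
                ids = [x["value"] for x in op.get("value", [])]
                if any(i not in self.users for i in ids):
                    return 400                          # unknown member reference
                self.members[group_id].update(ids)
            elif kind == "remove" and (m := re.fullmatch(r'members\[value eq "([^"]+)"\]', path)):
                self.members[group_id].discard(m.group(1))
            else:
                return 400                              # toy: other operations unsupported
        return 204

    def roles(self, user_id):  # roles derive only from current group membership
        return sorted(r for g, r in self.group_roles.items() if user_id in self.members[g])
```

Because the toy server derives roles only from current group membership, removing the member leaves no residual permission for a later review to find.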