Provision users with SCIM

The System for Cross-domain Identity Management (SCIM) specification is an open API designed to make managing user identities in cloud-based applications and services easier and faster. Enterprise Application Access (EAA) supports SCIM provisioning with Azure Active Directory and with Okta. It allows to obtain users' and groups' information quickly, sync between identity stores in near real-time and apply enforcement policies. EAA also allows user and group membership SCIM provisioning from OneLogin to EAA using generic SCIM.

It is possible to extend mapping to other SCIM attributes as specified by RFC 7643 between Azure Active Directory or Okta and Enterprise Application Access.


If a user existing in a SCIM directory does not belong to any group, the user is considered to be an invalid user for access authorization and receives a 403 forbidden error.