Provision users with SCIM

The System for Cross-domain Identity Management (SCIM) specification is an open API that simplifies and accelerates managing user identities in cloud-based applications and services. Enterprise Application Access (EAA) supports SCIM provisioning with Azure Active Directory and with Okta. Use it to obtain users' and groups' information quickly, sync between identity stores in near real-time, and apply enforcement policies. EAA also allows user and group membership SCIM provisioning from OneLogin to EAA using generic SCIM.

It is possible to extend mapping to other SCIM attributes as specified by RFC 7643 between Azure Active Directory or Okta and Enterprise Application Access.


If an existing user in an SCIM directory doesn't belong to any group, the user is considered to be invalid for access authorization and receives a 403 error.