Skip to main content
To request access to SCIM, you must be on an enterprise plan. Please contact us via your dedicated slack channel

What is SCIM?

SCIM (System for Cross-domain Identity Management) is an open standard (RFC 7643/7644) that lets your identity provider (IdP) (such as Okta, Microsoft Entra ID, or OneLogin) automatically manage user accounts in EmailBison. Instead of creating, updating, and removing accounts by hand, your IdP keeps them in sync for you. It handles:
  • Provisioning - when you assign a person to the app in your IdP, an account is created here automatically
  • Updates - profile changes (name, email) made in your IdP flow through to their account
  • Group sync - groups in your IdP are mirrored as teams, and membership stays in sync
  • Deprovisioning - when someone leaves your organization or is unassigned, their account is deactivated automatically, closing access immediately
SCIM works alongside SSO: SSO handles authentication (signing in), while SCIM handles the lifecycle of the account itself.

Base URL

https://your-app.example.com/api/scim/v2

Authentication

All requests must include a bearer token in the Authorization header. Authorization: Bearer <YOUR-SCIM-TOKEN> You can generate a SCIM token from your account settings. Treat it like a password - it grants full provisioning access.

Supported endpoints

Users

Groups

Discovery

Notes

  • Groups in your IdP map to teams in the application.
  • Filtering supports the equality form, e.g. filter=userName eq "jane@example.com".
  • Deactivating a user (active: false) immediately blocks access; the account and its data are retained until deleted.
  • Requests and responses use the application/scim+json content type.