Skip to content

SCIM Provisioning

VaultStream supports automated user lifecycle management via the System for Cross-domain Identity Management (SCIM) 2.0 protocol.

Supported Operations

Operation Description
Create User Provision new users
Update User Modify user attributes (name, role, teams)
Deactivate User Suspend access (audit history preserved)
Sync Groups Push groups/teams from IdP

Configuration

  1. In the Partner Portal, navigate to Settings → Provisioning → SCIM
  2. Generate a SCIM bearer token
  3. Configure your IdP (Entra ID, Okta) with:
  4. SCIM endpoint: https://api.cyfr.technology/v1/scim/v2
  5. Authentication: Bearer token
  6. Map attributes:
  7. userName → email
  8. displayName → name
  9. active → account status
  10. groups → team membership

Supported IdPs

  • Microsoft Entra ID (Azure AD)
  • Okta
  • OneLogin

Attribute Mapping

{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "jane@acme.corp",
  "displayName": "Jane Smith",
  "active": true,
  "groups": [
    {"value": "engineering", "display": "Engineering Team"}
  ]
}