SCIM (System for Cross-domain Identity Management) is an open standard protocol that automates how user identities are created, updated, and removed across different applications. When integrated with Document360, SCIM allows your Identity Provider to automatically sync users, readers, and groups — eliminating the need for manual account management.
How SCIM simplifies user management
In most organizations, managing user access across multiple platforms is time-consuming and error-prone. Administrators have to manually add new employees and remember to remove access when someone leaves. SCIM eliminates all of this.
With SCIM enabled in Document360, your Identity Provider handles this automatically. Any change you make in your IdP syncs to Document360 right away.
- When a new employee joins, simply add them to your IdP and their account is automatically created across all connected applications, including Document360.
- When someone leaves the organization, their access across all connected applications, including Document360, is revoked automatically.
This keeps your user access accurate, secure, and always up to date, without any extra effort from your administrators.
.png)
Depending on your IdP, SCIM provisioning in Document360 lets you manage the following directly from your IdP:
- Users — Automatically provision and manage users in Document360.
- Readers — Provision reader accounts and control their content access.
- Groups — Create and sync user and reader groups for streamlined permission management.
How SCIM determines user roles
When SCIM provisions a user to Document360, it uses the isTeamAccount attribute to determine whether the person should be provisioned as a User or a Reader.
isTeamAccount value |
Role in Document360 |
|---|---|
True |
Provisioned as a User |
False or left unset |
Provisioned as a Reader |
This attribute is configured in your Identity Provider as part of the attribute mapping setup. You can set it manually per user, or use your IdP's Expression Builder to automatically assign it based on an existing attribute such as Job Title or Group membership.
For step-by-step instructions on configuring profile attribute statements in Okta, see Assign Profile attribute statements.
SCIM capabilities by provider
SCIM provisioning in Document360 is set up as part of your SSO configuration. The capabilities available depend on your Identity Provider.
| Identity Provider | Protocol | Users | Readers | Groups |
|---|---|---|---|---|
| Okta | SAML | Yes | Yes | Yes |
| Microsoft Entra | SAML | Yes | Yes | Yes |
| OneLogin | SAML | No | Yes | No |
| ADFS | SAML | Yes (via third-party tools) | Yes (via third-party tools) | Yes (via third-party tools) |
| Okta | OpenID Connect | Yes | Yes | Yes |
| ADFS | OpenID Connect | Yes (via third-party tools) | Yes (via third-party tools) | Yes (via third-party tools) |
| Other providers | SAML / OpenID Connect | Yes (if IdP supports SCIM) | Yes (if IdP supports SCIM) | Yes (if IdP supports SCIM) |
Configure SCIM with your Identity Provider
Select your Identity Provider below to get started.
SAML
Okta
Automate user, reader, and group lifecycle management between Okta and Document360 using SAML and SCIM.
SCIM with Okta →Microsoft Entra
Automate user, reader, and group lifecycle management between Microsoft Entra and Document360 using SAML and SCIM.
SCIM with Entra →OneLogin
Provision readers from OneLogin to Document360 using SAML and SCIM. Note: user and group provisioning is not supported.
SCIM with OneLogin →Other configurations
Configure SCIM provisioning with any SAML 2.0-compatible Identity Provider that supports SCIM.
SCIM with other providers →OpenID Connect
Other configurations OpenID
Configure SCIM provisioning with any OpenID Connect-compatible Identity Provider that supports SCIM.
SCIM with other OpenID providers →