What is SCIM?
SCIM (System for Cross-domain Identity Management) helps companies automate the exchange of user information between an identity provider (such as Okta or Azure AD) and an application (like GenRocket). It is used to automate the process of managing user accounts across systems. SCIM makes user management simpler and more consistent, as shown in these examples:
- New Employee - SCIM automatically creates user accounts in all connected systems.
- Modifying Employee Information - SCIM applies changes to firstName, lastName, or emailAddress.
- Employee Leaves - SCIM automatically deactivates accounts across all systems.
SCIM communicates between the following:
- Identity Provider (IdP) - This is where your company keeps user accounts and passwords. Examples include Okta, Azure AD, or OneLogin.
- Service Provider (SP) - This is a tool or app that receives the user changes and puts them into action (GenRocket in this context).
GenRocket SCIM Integration
SCIM integration lets you manage GenRocket web user accounts automatically through a single Identity Provider (IdP). Users can be added, updated, activated, or deactivated via SCIM.
In GenRocket, users can be activated or deactivated but not deleted. A deactivated user account remains in GenRocket; however, the user is unable to log in. Although the account is inactive, certain data associated with the user is preserved for compliance and auditing purposes.
Benefits of SCIM Integration
- Automates user management, eliminating manual updates.
- Reduces the chance of errors by automating provisioning.
- Keeps user data consistent across platforms.
- Enhances security by ensuring accurate and current user access.
- Supports compliance with access policies.
- Scales easily for growing organizations.
How to Set Up SCIM Integration
Step 1 - Reach Out to GenRocket to Get Started
Step 2 - Configure SCIM Integration in the IdP and Test the Connection to GenRocket
The information in the table below is required to configure SCIM Integration within your IdP. Once it has been configured, test the connection to ensure it is working correctly. Follow the IdP's instructions to complete this process; the steps will vary per provider.
Required Item | Description | Value |
SCIM Connector Base URL | Used by the Identity Provider (IdP) to connect to GenRocket and send automated user provisioning and management requests. This URL must be accessible over HTTPS and return a valid SCIM response. Certain resource paths are appended to this URL by the IdP. | Example URL: https://<app>.genrocket.com/scim/v2 (<app> will vary depending on how your organization has been set up with GenRocket) |
Unique Identifier Field (for Users) | An attribute that uniquely identifies each user within a SCIM system. | userName |
Authentication Mode: HTTP Header, SCIM Token | An authentication token used to authorize communication between the Identity Provider (IdP) and the Service Provider (SP) over the SCIM API. | This token is provided by GenRocket and used during SCIM Integration setup through the IdP. |
Step 3 - Try to Create Users, Update User Attributes, Deactivate or Activate Users
After confirming a successful connection, you can attempt to create users, update user attributes, and deactivate or activate users.
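The SCIM 2.0 requests an IdP issues for Steps 2 and 3, built but not sent, as an added example (not GenRocket's or any IdP's own code). It checks the base URL and token before use and escapes the userName value in the lookup filter. The function names are hypothetical, and two things are assumptions: that the token travels as a bearer token in the Authorization header, and that firstName, lastName and emailAddress map to the core SCIM attributes shown.

```python
import json
from urllib.parse import urlsplit, quote

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def check_base_url(base_url):
    """Reject a connector base URL that is not HTTPS or still has the <app> placeholder."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname or "<" in base_url:
        raise ValueError("SCIM base URL must be a concrete https:// URL")
    return base_url.rstrip("/")

def scim_request(method, base_url, path, token, body=None):
    """Describe one SCIM call; nothing is sent over the network."""
    if not token or token != token.strip():
        raise ValueError("SCIM token is empty or has stray whitespace")
    return {
        "method": method,
        "url": check_base_url(base_url) + path,
        # Assumption: the SCIM token is sent as an RFC 6750 bearer token.
        "headers": {"Authorization": "Bearer " + token,
                    "Content-Type": "application/scim+json"},
        "body": None if body is None else json.dumps(body),
    }

def find_user(base_url, token, user_name):
    """Look a user up by the unique identifier field, userName."""
    # Escape backslash and quote so the value cannot alter the filter expression.
    safe = user_name.replace("\\", "\\\\").replace('"', '\\"')
    return scim_request("GET", base_url, "/Users?filter=" + quote(f'userName eq "{safe}"'), token)

def create_user(base_url, token, user_name, first, last, email):
    # Assumption: firstName/lastName/emailAddress map to these core SCIM attributes.
    body = {"schemas": [USER_SCHEMA], "userName": user_name, "active": True,
            "name": {"givenName": first, "familyName": last},
            "emails": [{"value": email, "primary": True}]}
    return scim_request("POST", base_url, "/Users", token, body)

def set_active(base_url, token, user_id, active):
    """Activate or deactivate a user; the account itself is never deleted."""
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": active}]}
    return scim_request("PATCH", base_url, "/Users/" + quote(user_id, safe=""), token, body)
```

Each function returns a dictionary describing the request, so the output can be compared with what the IdP's provisioning log shows when a create or update fails.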
Troubleshooting Tips
Please check the following if you are unable to create or update users:
- Check the SCIM Token for validity.
- Ensure the Base URL and Unique Identifier Field are correctly configured in your IdP.
- Verify that your IdP has the necessary permissions to manage user attributes and perform these actions.