When configuring your IdP to integrate with Appspace, you will need to enable SCIM for Appspace in your IdP, and provide information about Appspace’s SCIM API endpoints, including the SCIM Base URL, the unique ID for users that are provisioned, provisioning actions that are supported, and the authentication mode used.

Prerequisites

  • Account Owner role with an Appspace Platform user license.
  • A HRIS or IdP that is SCIM 2.0 compliant, such as:
    • Microsoft Azure AD
    • Okta
  • The username must follow the user’s email address.
  • Support for User endpoints only. (Group endpoints not supported currently)

Enable SCIM

Follow the instructions below to configure SCIM (System for Cross-domain Identity Management) user provisioning in Appspace.

  1. Log in to the Appspace console.
  2. Click the ☰ Appspace menu, and select Users. Click Settings at the bottom of the left menu.
  3. Click the Settings tab, and click the User Provisioning side panel tab.
  4. Select the SCIM radio button from the User Provisioning options to display the SCIM settings, and click Save.
  5. Enter the SCIM Base URL and ensure the SCIM Bearer Token has been generated below:
    • SCIM Base URL – The SCIM Base URL is the API endpoint that connects the provisioning system with Appspace. Example: https://cloud.appspace.com/identity/scim
    • SCIM Bearer Token – The authentication token that manages the SCIM API. Automatically generated, however a new token can be generated by clicking the Generate New Token link.
  6. Select the Enable User Group Sync checkbox to also include user groups in SCIM provisioning.
    Important
    External user groups provisioned from an Identity Provider (IdP) via SCIM have different characteristics than user groups created in Appspace. Refer to this article on how to manage SCIM provisioned user groups.
  7. Enable Allow Automatic Activation to automatically activate users without email invitations. This option is only available for SSO-enabled accounts.
  8. Click Save once done.