TraceUnified
Product Traceability Industries Pricing
Resources
Why TraceUnified Documentation Compare Security & compliance
Book a demo Try for free

Provision users with SCIM

Make your directory the source of truth — connect SCIM so users and groups sync automatically, control how synchronization behaves, and let deprovisioning happen the moment someone leaves.

User provisioning automates the account lifecycle by syncing users and groups from your identity provider over the SCIM standard, so your directory becomes the source of truth and TraceUnified follows it — no creating and deactivating accounts by hand. This guide connects SCIM and sets how it syncs. For the concepts, see User Provisioning.

Connect SCIM

Provisioning works by giving your identity provider a place to push directory changes to.

Before you start In the Identity Portal, go to User Provisioning. You'll need administrator access and the ability to configure SCIM in your identity provider.

  1. Copy the SCIM base URL and the bearer token the portal exposes.
  2. In your identity provider, configure SCIM provisioning with that base URL and token, so directory changes push to TraceUnified.

Result When someone joins, changes teams, or leaves in your directory, that change flows to TraceUnified automatically. See User Provisioning.

Control how it syncs

You decide how often the sync runs and how current group membership needs to be.

  1. Set the sync interval for regular updates.
  2. Enable sync groups on login so a user's group membership is current the moment they sign in.
  3. Check the reported results — users synced, groups synced, and the last sync time — to confirm provisioning is working and catch it if it isn't.

Result Accounts and group memberships stay in step with your authoritative directory, with the sync status in plain view.

Note Automated deprovisioning is the real security payoff: when someone leaves, their access ends as a consequence of the directory change rather than depending on someone remembering to revoke it. Provisioning pairs naturally with single sign-on — SSO handles authentication, provisioning handles the account lifecycle behind it.

Where to go next

For the authentication side that provisioning complements, see SSO Configuration. For the administrator accounts that aren’t synced from your directory, see User Management.

Was this helpful?