User Provisioning

User Provisioning automates account lifecycle by syncing users and groups from your identity provider, using the SCIM standard. Instead of creating and deactivating accounts by hand, your directory becomes the source of truth and TraceUnified follows it.

How SCIM provisioning works

The portal exposes a SCIM base URL and a bearer token that your identity provider uses to push changes. When someone joins, changes teams, or leaves in your directory, that change flows to TraceUnified automatically — so accounts and group memberships stay in step with your authoritative system without manual effort.

Sync behavior

You control how synchronization behaves: a sync interval for regular updates, and the option to sync groups on login so a user’s group membership is current the moment they sign in. The portal reports the results — users synced, groups synced, and the last sync time — so you can confirm provisioning is working and catch it if it isn’t.

Why it matters for security

Automated deprovisioning is a real security control: when someone leaves, their access should end promptly, and SCIM ensures that happens as a consequence of the directory change rather than depending on someone remembering. Tying accounts to your directory also keeps group-based access accurate. Provisioning pairs naturally with single sign-on — SSO handles authentication, provisioning handles account lifecycle.