Skip to main content

SCIM Provisioning

Enterprise
note

SCIM provisioning is a roadmap capability delivered as a custom engagement, not a self-serve GA feature today. There is no self-serve SCIM enablement screen, SCIM base URL, or bearer-token flow in the product yet. If automated user lifecycle management is a requirement for your deployment, contact your account manager so we can scope what is available for your environment.

SCIM (System for Cross-domain Identity Management) is designed to enable automatic user provisioning and deprovisioning synchronized with your identity provider.

Overview

SCIM is designed to provide:

  • Automatic user creation on hire
  • Automatic deactivation on termination
  • Group/team synchronization
  • Real-time updates

How SCIM Works

Identity Provider (IdP)

SCIM API

Containment.AI

User Created/Updated/Removed
  1. User added in IdP → SCIM creates user
  2. User updated in IdP → SCIM updates user
  3. User removed in IdP → SCIM deactivates user

Identity Providers

SCIM is designed to interoperate with SCIM 2.0 compliant identity providers, including Okta, Azure AD / Entra ID, OneLogin, JumpCloud, Ping Identity, and Google Workspace. The exact set of supported providers is confirmed per engagement.

Getting Started

SCIM provisioning requires a custom implementation with your identity and infrastructure teams. Contact your Containment.AI account manager or sales team to begin:

  1. Requirements gathering - Discuss your IdP and user-lifecycle needs
  2. Architecture review - Confirm supported providers and attribute mappings
  3. Implementation - Configure and connect provisioning
  4. Testing - Verify provisioning and deprovisioning behavior
  5. Production - Go live with monitoring