Automated User Provisioning with SCIM
Set up SCIM provisioning to automatically create, update, and deactivate users in Security Journey.
SCIM User Provisioning (Automated Learner Management)
Security Journey supports SCIM (System for Cross-domain Identity Management) to automate learner provisioning and lifecycle management directly from your Identity Provider (IdP). Once SCIM is enabled, your IdP can automatically:
- Create new learners in Security Journey
- Update learner details (name, email, department, etc.)
- Archive/deactivate learners who no longer need access
SCIM is an open standard supported by many identity providers, including Okta and Microsoft Entra ID (Azure AD). Enabling SCIM helps eliminate manual user administration and ensures your learner population stays accurate and up to date.
Benefits of SCIM in Security Journey
Using SCIM provisioning allows your organization to:
- maintain an accurate learner roster automatically
- reduce admin time spent managing accounts
- ensure consistent onboarding/off-boarding processes
- prevent stale or unauthorized accounts from remaining active
Requirements
Before configuring SCIM, ensure the following:
Identity Provider Requirements
- A SAML 2.0 Identity Provider that supports SCIM provisioning
- Example providers:
  - Okta
  - Microsoft Entra ID (Azure AD)
Security Journey Requirements
- A user with Admin privileges in Security Journey
- SSO (SAML) is recommended and typically configured before SCIM
SCIM Setup Overview
At a high level, SCIM setup includes:
- Enable SCIM in Security Journey
- Copy the SCIM API URL and API Token
- Create a SCIM connection in your IdP
- Paste credentials into the IdP SCIM configuration
- Test provisioning (create/update/deactivate users)
Step 1: Retrieve Your SCIM Credentials in Security Journey
To configure SCIM, you will need:
- SCIM API URL
- SCIM API Token (API Key)
Steps
- Log into Security Journey as an Admin.
- Navigate to your Settings > SCIM Settings.
- Locate your company’s:
  - SCIM API URL
  - SCIM API Token
✅ Important: Copy your token immediately.
Once you navigate away from the SCIM settings page, the token will be hidden and cannot be viewed again.
If you do not copy the token before leaving the page, you will need to reset/regenerate the token to obtain a new one.
Step 2: Create a SCIM Connection in Your Identity Provider (IdP)
In your Identity Provider, create a new SCIM provisioning connection for Security Journey using the credentials from Step 1.
Provider Setup Links
Use the appropriate provider workflow:
Provider-specific configuration screens and wording will vary. Follow your IdP’s process for creating a new SCIM integration, then supply the Security Journey SCIM URL and token when prompted.
Step 3: Add Security Journey Credentials to the IdP Connection
In your IdP SCIM configuration, enter:
- SCIM Base URL → (Security Journey SCIM API URL)
- Authentication Method → typically “Bearer Token” or “API Token”
- Token / Secret → (Security Journey SCIM API Token)
Save the configuration.
Step 4: Configure Provisioning Settings (IdP)
Enable the desired provisioning actions in your IdP:
✅ Create Users
✅ Update User Attributes
✅ Deactivate Users (Archive)
Recommended: enable all three to fully automate user lifecycle management.
Step 5: Test Provisioning
After SCIM is enabled and configured, run a test to confirm functionality.
Recommended Tests
- Create a test user in your IdP and verify it appears in Security Journey
- Update a user attribute (e.g., name or email) and verify it syncs
- Deactivate a user and confirm they are archived/deactivated in Security Journey
Troubleshooting Tips
If SCIM provisioning isn’t working as expected:
- Confirm the SCIM API URL is correct (no extra spaces)
- Confirm the SCIM token is active and was copied correctly
- Verify SCIM is enabled in Security Journey
- Review your IdP provisioning logs for error messages
- Confirm required attribute mappings are configured
If issues persist, contact Support.
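As an added illustration (not Security Journey's own code or documentation), the Python sketch below checks the URL and token pasted in Step 3 for the copy errors listed above and builds the three requests an IdP sends for the Step 5 tests, so they can be recognised in provisioning logs. It assumes the service follows SCIM 2.0 (RFC 7643/7644), which this page does not state; the host scim.example.invalid, the token, the user id and the attribute values are constructed placeholders.

```python
from urllib.parse import urlsplit

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def preflight(base_url, token):
    """Return problems with the URL and token as pasted into the IdP."""
    problems = []
    if any(c.isspace() for c in base_url):
        problems.append("SCIM API URL contains whitespace")
    if any(c.isspace() for c in token):
        problems.append("SCIM API token contains whitespace")
    parts = urlsplit(base_url.strip())
    # Added check (assumption): a bearer token should only be sent over TLS.
    if parts.scheme != "https" or not parts.netloc:
        problems.append("SCIM API URL is not an absolute https:// URL")
    return problems


def lifecycle_requests(base_url, token, user_name, user_id):
    """Build create, update, deactivate as (method, url, headers, body)."""
    base = base_url.rstrip("/")
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/scim+json"}

    def patch(path, value):
        return {"schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": path, "value": value}]}
    user_url = f"{base}/Users/{user_id}"
    return [
        ("POST", f"{base}/Users", headers,
         {"schemas": [USER_SCHEMA], "userName": user_name, "active": True}),
        # Some IdPs send PUT with the full resource instead of PATCH.
        ("PATCH", user_url, headers, patch("name.givenName", "Ada")),
        # Deactivate: set "active" to false; the resource is not deleted.
        ("PATCH", user_url, headers, patch("active", False)),
    ]


def redacted(request):
    """Render a request for a log or ticket without exposing the token."""
    method, url, headers, body = request
    safe = dict(headers, Authorization="Bearer <redacted>")
    return f"{method} {url} {safe} {body}"


if __name__ == "__main__":  # constructed sample values, no network access
    for r in lifecycle_requests("https://scim.example.invalid/v2",
                                "constructed-token", "ada@example.invalid", "42"):
        print(redacted(r))
```

When sharing provisioning errors with Support, paste the redacted form rather than the raw request so the SCIM token never lands in a ticket.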
Need Help?
If you need assistance setting up SCIM provisioning, reach out to Security Journey Support and include:
- your identity provider (Okta / Entra ID / other)
- any error messages from provisioning logs
- what behavior you expected vs. what happened