SCIM Overview

<Note> SCIM provisioning requires [Email Domain Verification](/documentation/platform/email-domain). You must verify your organization's email domain before provisioning users via SCIM. </Note> <Note> SCIM provisioning can only be enabled when either SAML or OIDC is setup for the organization. </Note> <Info> SCIM provisioning is a paid feature. If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it. </Info>

You can configure your organization in Infisical to have users and user groups be provisioned/deprovisioned using SCIM via providers like Okta, Azure, JumpCloud, etc.

• Provisioning: The SCIM provider pushes user information to Infisical. If the user exists in Infisical, Infisical sends an email invitation to add them to the relevant organization in Infisical; if not, Infisical initializes a new user and sends them an email invitation to finish setting up their account in the organization.
• Deprovisioning: The SCIM provider instructs Infisical to remove user(s) from an organization in Infisical.

SCIM providers:

• Okta SCIM
• Azure SCIM
• JumpCloud SCIM
• PingOne SCIM