WorkOS Docs Homepage

Rippling SCIM


Learn about syncing your user list with Rippling SCIM v2.0.

This guide outlines how to synchronize your application’s Rippling directories using SCIM v2.0.

To synchronize an Enterprise’s users and groups provisioned for your application, you’ll need to provide the Enterprise with two pieces of information:

  • An Endpoint that Rippling will make requests to.
  • A Bearer Token for Rippling to authenticate its endpoint requests.

Both of these are available in your Endpoint’s Settings in the WorkOS Dashboard.

Steps 2, 3, and 4 below will need to be carried out by the Enterprise when configuring your application in their Rippling instance.

Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.

Select the organization you’ll be configuring a new Directory Sync for.

Under “Actions” click “Add Directory”.

Select “Rippling SCIM v2.0” from the dropdown, and input your Enterprise’s Name.

Then, click “Create Directory.”

Your Rippling SCIM v.2.0 directory sync has now been created successfully with an Endpoint and Bearer Token.

We have support for custom URLs for Directory Sync endpoints. Contact us for more info!

Log in to the Rippling admin dashboard and select the “Custom App” option in the menu under the “Identity Management” category.

Select “Create New App” in the Custom App page.

Fill out the application’s name, upload an image for the logo, and check the “SCIM Provisioning” box. Click “Create App” and the page will update with more option fields regarding SCIM setup.

Set the SCIM version to 2.0.

Fill in the endpoint into the “SCIM Base URL” field.

Set the SCIM authorization method to “Bearer Token”. Check off features for groups, pagination, delete groups and PATCH groups.

Add SCIM attributes externalId, emails.primary, name.givenName, name.familyName. If you have additional custom attributes, add the appropriate corresponding Rippling values of the custom attributes. Click “Update App” to move to the next step.

Copy and paste the Bearer Token into the “Bearer Token” field and click “Continue”.

After entering the Bearer Token, the following two pages “App Access Rules” and “Provision Time”, can be filled out by your own preference. You should then arrive at the “Account Matching” page.

In order for your users and groups to be synced, you will need to assign them to your Rippling Application. Match the Rippling users to the account, or create a new application account for the user(s).

Create Groups for the application as needed.

Name the group.

Assign Rippling users/groups to the newly created application group.

Make sure all attributes previously added are enabled. Click “Continue” to finish setup.

In your WorkOS dashboard, you should now see the users and groups synced over.