Sign in

Configuring SCIM v2.0

Learn about syncing your user list with SCIM v2.0


This guide outlines how to synchronize your application's user and group directories using SCIM v2.0.

To synchronize an Enterprise's users and groups provisioned for your application, you'll need to provide the Enterprise with two pieces of information:

  • An Endpoint that the SCIM server will make requests to.
  • A Bearer token for Okta to authenticate its endpoint requests.

Both of these are available in your Endpoint's Settings in the Developer Dashboard.

Steps 2, and 3 below will need to be carried out by the Enterprise when configuring your application in their Azure AD instance.

Set up your directory sync endpointLink

Login to your WorkOS dashboard and select "Organizations" from the left hand Navigation bar.

Select the Organization you'd like to enable a SCIM 2.0 Directory Sync connection for.

On the Organization's page click "Add Directory".

You'll be prompted to enter the Company's Name, Domain, and additionally select "SCIM 2.0" from the "Directory Type Dropdown".

Then click "Create Connection".

The Directory Sync Connection will now display the Endpoint for the SCIM server to send requests to, and the Bearer Token.

We have support for whitelabeled URLs for Directory Sync endpoints. Contact us for more info!

Configure the SCIM server integrationLink

WorkOS provides you with all of the relevant information for an Enterprise customer to plug and play SCIM functionality for your application.

Provide your Enterprise customer with:

Once the Enterprise has used these values to configure your application within their SCIM server, then your application is ready to synchronize users and groups.

Assign users and groups to your applicationLink

Now, whenever your Enterprise customer assigns users or groups to your application, you'll receive realtime Dashboard updates based on changes in their directory.