Configure Inbound SCIM for Identity Providers using SAML or OpenID
SAML Identity Providers
Any SAML identity provider using a SAML Connection type must support outbound user provisioning using a SCIM 2.0 client or be used in concert with an external provisioning service that provides outbound user provisioning. Review the official SCIM documentation for a list of known SCIM 2.0 client implementations.
For instructions on how to configure SCIM for specific SAML identity providers, read Inbound SCIM for Okta Workforce SAML Connections and Inbound SCIM for Azure AD SAML Connections
OpenID Connect Identity Providers
Any OpenID Connect identity provider using an OpenID Connect connection must support outbound user provisioning using a SCIM 2.0 client or be used in concert with an external provisioning service that provides outbound user provisioning. Review the official SCIM documentation for a list of known SCIM 2.0 client implementations.
To enable full user lifecycle management, your OpenID Connect identity provider must be configured to send the same value in both the ID token sub
attribute and the SCIM externalId
attribute. These values are typically the identity provider's unique system identifier for the user, which Auth0 uses to identify the user during login.
For instructions on how to configure SCIM for specific OpenID Connect identity providers, read Inbound SCIM for Okta Workforce Connections, Inbound SCIM for New Azure AD Connections, and Inbound SCIM for Older Azure AD Connections.