Configure Inbound SCIM for Identity Providers using SAML or OpenID

SAML Identity Providers

Any SAML identity provider using a SAML Connection type must support outbound user provisioning using a SCIM 2.0 client or be used in concert with an external provisioning service that provides outbound user provisioning. Review the official SCIM documentation for a list of known SCIM 2.0 client implementations.

For instructions on how to configure SCIM for specific SAML identity providers, read Inbound SCIM for Okta Workforce SAML Connections and Inbound SCIM for Azure AD SAML Connections.

OpenID Connect Identity Providers

Any OpenID Connect identity provider using an OpenID Connect connection must support outbound user provisioning using a SCIM 2.0 client or be used in concert with an external provisioning service that provides outbound user provisioning. Review the official SCIM documentation for a list of known SCIM 2.0 client implementations.

To enable full user lifecycle management, your OpenID Connect identity provider must be configured to send the same value in both the ID token sub attribute and the SCIM externalId attribute. These values are typically the identity provider's unique system identifier for the user, which Auth0 uses to identify the user during login.
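The following is an added example, not Auth0's own code: an offline diagnostic that compares the sub claim of a captured ID token with the externalId of the SCIM user your identity provider sends, and reports the usual mapping mistakes. The function names and all sample values are constructed for illustration, and the token is decoded without signature verification, so use it only to check attribute mappings.

```python
import base64
import json

def jwt_claims(id_token):
    """Decode a compact JWT's payload WITHOUT verifying the signature.
    Diagnostic use only; never base an authentication decision on this."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_linkage(id_token, scim_user):
    """Return (ok, reason): does the ID token sub equal the SCIM externalId?"""
    sub = jwt_claims(id_token).get("sub")
    ext = scim_user.get("externalId")
    if not isinstance(sub, str) or not sub:
        return False, "ID token has no usable sub claim"
    if not isinstance(ext, str) or not ext:
        return False, "SCIM user has no usable externalId"
    if sub == ext:  # exact, case-sensitive comparison
        return True, "sub matches externalId"
    if sub.lower() == ext.lower():
        return False, "values differ only by case"
    emails = [e.get("value") for e in scim_user.get("emails", [])]
    if ext in (scim_user.get("userName"), *emails):
        return False, "externalId is mapped to userName/email, not the IdP user id"
    return False, "sub and externalId are different identifiers"

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample data (not from any real tenant or identity provider).
TOKEN = make_sample_token({"iss": "https://idp.example", "sub": "00u1abcd2EFGH3ijk4x5"})
GOOD = {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "externalId": "00u1abcd2EFGH3ijk4x5", "userName": "jdoe@example.com"}
BAD = dict(GOOD, externalId="jdoe@example.com")  # externalId mapped to the login name

if __name__ == "__main__":
    for name, user in (("good", GOOD), ("bad", BAD)):
        print(name, check_linkage(TOKEN, user))
```

Run it against one test user before enabling provisioning for the whole directory, since a mismatch means the provisioned record and the login identity will not refer to the same user.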

For instructions on how to configure SCIM for specific OpenID Connect identity providers, read Inbound SCIM for Okta Workforce Connections, Inbound SCIM for New Azure AD Connections, and Inbound SCIM for Older Azure AD Connections.