For many multi-tenant enterprise application ProAuth is used as the single trust identity provider which federates to other identity providers to support single-sign on scenarios for the tenants. In those cases the users are managed in the tenant’s directory. If user data needs to be available in ProAuth before the first login (i.e. User or Group selection in target application) or if an invite workflow for a limited set of users of a directory is not applicable, users and groups can be provisioned to ProAuth by using the SCIM Protocol. System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems.
SCIM synchronization is currently only available for IDP types of OpenIdConnect
. Each federated IDP instances has its own SCIM endpoint with a custom authentication token. The endpoints supports any related party which is compatible with the SCIM standard. We provide a detailed documentation on how to setup provisioning with Azure Active Directory as well as a ProAuth directory synchronizer tool for provisioning users and groups from an on-premises Active Directory.