SCIM Provisioning


Managing user accounts and access permissions across various systems and applications can be a complex and time-consuming task. System for Cross-domain Identity Management (SCIM) provides a standardized approach to user provisioning and simplifies the process of creating, updating, and deactivating user accounts. Files.com SCIM provisioning is designed to integrate seamlessly with popular identity providers such as Okta, Azure Active Directory, and OneLogin. Organizations can configure SCIM provisioning by establishing a connection between their identity provider (IdP) and Files.com. Once the integration is set up, user provisioning and management can be streamlined as described below.

Automated User Provisioning

Files.com SCIM provisioning enables organizations to automate the process of creating user accounts. When a new user is added to the organization's identity provider (IdP), the SCIM provisioning feature automatically provisions the user's account on Files.com, eliminating the need for manual setup. We provision the standard user attributes such as the User Name, Name, Display Name, Email Address, and Company Name. This ensures that new users can quickly access the platform and start collaborating without delays.

User Account Updates

SCIM provisioning also facilitates seamless updates to user accounts. When changes are made to user attributes such as name, email address, company name or group memberships in the IdP, these modifications are automatically synchronized with Files.com. This ensures that user information remains consistent across different systems, reducing the risk of data discrepancies and administrative overhead.

Account Deactivation

When a user leaves the organization or their access needs to be revoked, Files.com SCIM provisioning simplifies the deactivation process. Instead of manually disabling the user's account, administrators can simply update the user's status in the IdP, triggering automatic account deactivation in Files.com. This helps maintain data security by ensuring that former employees or external collaborators no longer have access to sensitive files.

Group Management

Files.com SCIM provisioning extends beyond individual user accounts to include group management. Organizations can leverage SCIM to automatically create, update, and remove groups in Files.com based on changes made in the IdP. We provision the standard group attributes such as the Group Name and Group Members. This allows for efficient management of team collaborations and access control, ensuring that users have the appropriate permissions within Files.com.

Setting Up SCIM Provisioning

Files.com supports SCIM version 2.0 with Basic authentication and Token-based authentication to integrate with your IdP. Along with standard user provisioning and deprovisioning via SCIM, Files.com also supports automatic provisioning and deprovisioning of group memberships.

To integrate your IdP with Files.com SCIM provisioning, use the following fields within your IdP SCIM configuration:

FIELD | VALUE
Files.com SCIM connector base URL | https://app.files.com/api/scim
Unique identifier field for users | email (it can be email address with some IdP providers)

Visit the Azure AD SSO SCIM, Okta SSO SCIM, or OneLogin SSO SCIM pages for more information on how you can configure SCIM with your favorite IdP.

Provisioning Users

Once SCIM provisioning is enabled in Files.com, any new users created after the integration will be managed and provisioned through SCIM. The SCIM integration ensures that user creation, updates, and deprovisioning processes are automatically synchronized between the identity provider (such as Okta, Azure AD, OneLogin) and Files.com. However, if your users are already present in Files.com with SSO authentication enabled prior to configuring SCIM provisioning, they may not be automatically managed through SCIM after integrating with certain identity providers like Okta.

In situations where you wish to manage or provision all existing and new users via SCIM, it is recommended to delete the existing users in Files.com before enabling SCIM provisioning for all users. Prior to enabling SCIM, it is advisable to conduct testing to ensure a smooth transition in this scenario.
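The Account Deactivation and Provisioning Users sections both leave a gap worth auditing: accounts that stay active after offboarding in the IdP, and pre-existing accounts that SCIM never took over. The sketch below is an added example, not Files.com code; it assumes the service-side user list is available in the standard SCIM 2.0 ListResponse shape, and the function name, roster format, and all sample data are constructed for illustration.

```python
import json

# Constructed sample: a SCIM 2.0 ListResponse (RFC 7644 shape) as a service
# might return for its user list. All values are made up for illustration.
SCIM_LIST_RESPONSE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 4,
    "Resources": [
        {"id": "1", "userName": "alice@example.com", "active": True},
        {"id": "2", "userName": "Bob@Example.com", "active": True},
        {"id": "3", "userName": "carol@example.com", "active": False},
        {"id": "4", "userName": "legacy.sso@example.com", "active": True},
    ],
})

# Constructed IdP roster: email -> whether the IdP considers the user active.
IDP_ROSTER = {
    "alice@example.com": True,
    "bob@example.com": False,     # offboarded in the IdP
    "carol@example.com": False,
    "dave@example.com": True,     # assigned in the IdP, never provisioned
}


def reconcile(scim_json, idp_roster):
    """Compare service-side SCIM users with the IdP roster, keyed on email."""
    roster = {email.strip().lower(): active for email, active in idp_roster.items()}
    findings = {"active_after_offboarding": [], "not_in_idp": [], "not_provisioned": []}
    seen = set()
    for user in json.loads(scim_json).get("Resources", []):
        key = user.get("userName", "").strip().lower()
        seen.add(key)
        # "active" may be absent from a SCIM user; treat a missing value as
        # active so an account is never assumed disabled without evidence.
        active = user.get("active", True)
        if key not in roster:
            if active:
                findings["not_in_idp"].append(key)
        elif active and not roster[key]:
            findings["active_after_offboarding"].append(key)
    findings["not_provisioned"] = sorted(k for k, a in roster.items() if a and k not in seen)
    return findings


if __name__ == "__main__":
    for category, users in reconcile(SCIM_LIST_RESPONSE, IDP_ROSTER).items():
        print(f"{category}: {users}")
```

Accounts reported under `not_in_idp` are the ones to review before relying on IdP-driven deactivation, since no IdP status change will reach them.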

Modifying the Email Address or User Name

If you modify a user's email address, user principal name (UPN), or username after provisioning the user with SCIM, the updates may not be immediately synchronized with Files.com. As a result, users may experience login difficulties until your Identity Provider (IdP) pushes those changes according to its synchronization interval. To mitigate this issue, we suggest using the on-demand provisioning capabilities of your IdP to promptly provision and propagate these changes.

Issues with Duplicate User Names or Missing User Names

If you are using Azure SSO or another IdP with Create User On First Login enabled and do not have SCIM configured, you may encounter an issue where duplicate user records are created. This occurs because the system interprets the updated UPN/email address as a new user entry. On the other hand, if you have Create User On First Login disabled and SCIM is not configured, you may see an error when attempting to change the UPN or primary email/username. This error occurs because the system does not recognize the new user entry that is being referenced. To avoid such cases, we recommend using SCIM and on-demand provisioning to properly synchronize user name or email address changes between your IdP and Files.com.

Provisioning Groups

Files.com can automatically provision and deprovision group memberships using SCIM. To configure the group provisioning settings, edit the settings for your SSO Provider. Type "SSO Providers" in the search box at the top of every page and click on the matching result. Locate your provider integration in the list and click Edit to see the Advanced Settings option. Once you click on Advanced Settings, you will see various options related to provisioning. If the groups in your IdP are not synchronizing with Files.com, we recommend using the manual provisioning options within your IdP provisioning settings. If you are using Okta as your IdP, go to Applications > Files.com > Push Groups to force the groups to be synchronized with the Files.com application.

©2023 Files.com. All rights reserved.
