Back to all Blog

Access Governance With SCIM (Beta)

Managing access governance over a composable technology stack is crucial for both security and end-user experience. Contentstack SAML 2.0 support enabled companies to provide seamless user management through Single Sign-On (SSO) since its introduction three years ago.

We are excited to announce support for SCIM 2.0 (in Beta), to simplify the automation of user provisioning further. This Beta release includes SCIM support for OneLogin and our SCIM 2.0 API.

SCIM 2.0 And How It Works

SCIM (System for Cross-Domain Identity Management) is a proven and secure protocol for exchanging user identity information between various IT systems and services. Major identity providers (IdP), such as OneLogin, support SCIM as a common language to communicate with service providers such as Contentstack or other applications.

SCIM allows administrators to manage all users from a central location, enabling onboarding, offboarding, or changing user access in hundreds of applications from a single IdP.

Here’s an example of how it works: When a new employee joins your organization, your system admin will create a new user in your IdP and add the user to the Contentstack app in the IdP. The IdP then communicates about the new user’s identity to Contentstack (and other apps you use) and automatically adds the user to Contentstack. Likewise, when your system admin removes a user from the IdP, it automatically removes the user from Contentstack.

What’s In This Release

This release includes everything you need to use SCIM (with OneLogin) for your organization. It’s in ‘Beta’ because we are releasing SCIM support for just one IdP (OneLogin) at the moment, and we are in the process of enhancing the performance of some SCIM API requests. But that shouldn’t stop you from using our SCIM integration for your organization. It’s completely secure. The following explains what’s in this release.

SCIM Support for OneLogin

If you have been using OneLogin as your IdP for automatically provisioning or deprovisioning users, you can now manage Contentstack users as well through your IdP.

Here’s a detailed step-by-step guide on how to set up SCIM with OneLogin and Contentstack.

Contentstack SCIM API

We also provide SCIM API built using the SCIM 2.0 protocol. You may not need to use these APIs directly if you are using OneLogin as your IdP. However, if you have built a custom IdP client or want to manage user provisioning in Contentstack programmatically, these APIs would be useful. Refer to our SCIM API reference for more details.

What This Release Means For You

Ease in Managing Users

Our SCIM integration ensures that your new employees get access to Contentstack with the right permissions at the right time, without admins having to access the Contentstack app every time. This automation saves considerable time, effort, and headaches for the admins that otherwise have to do this manually.

Improved Security and Reduced Human Error

Your company’s data and resources become safe as SCIM integration eliminates any security threats caused by unauthorized access due to manual errors.

Quick User Onboarding

SCIM support for Contentstack helps your IT department and new employees, so they don’t have to wait to access Contentstack. The relevant access with appropriate permissions is already in place, even before they log in for the first time.

Helpful resources