SCIM FAQs

How do I enable SCIM for an organization?

Here’s a step-by-step guide that explains how to enable SCIM for your Contentstack organization and manage user provisioning through OneLogin as your identity provider (IdP).

To enable SCIM, however, the following things need to be in place:

SCIM must be part of your Contentstack plan
You must either be an owner or admin of the organization

Which Identity Providers (IdPs) does Contentstack support?

Currently, we support SCIM for OneLogin and Microsoft Azure AD. We plan to add support for other IdPs soon.

How to edit details of a user via SCIM?

The endpoint to edit user details is not supported. Considering that users can be members of more than one organization in Contentstack, we do not support an organization to edit user details such as their name or email address.

However, to change users’ organization role, you can use the Contentstack app and follow the steps mentioned in this Change Organization Role of Existing Users guide.

Which version of the SCIM protocol does Contentstack support

Contentstack supports SCIM 2.0.

Do users get deleted from the Contentstack account after they are deprovisioned from an organization via IdP?

If you deprovision users via IdP, they will no longer be a part of the respective Contentstack organization. However, those users will still have access to the Contentstack account.

If a user is added to multiple groups via SCIM, then what would be the net permission to the user?

If a user belongs to multiple groups, he/she will get the highest order of permission on the organization and stack(s). For example, user1 belongs to group1 and group2, and these groups have the following set of permissions:

Group1:
1. Organization Admin
2. “Developer” role in all stacks
Group2:
1. Organization Member
2. “Content manager” role in all stacks

In this case, user1 will be the admin of the organization and have the “Developer” and "Content manager" roles in all the stacks.

Was this article helpful?

Thanks for your feedback