SCIM Provisioning
🏢 Enterprise Feature
This feature requires TalkWriter Enterprise. Contact Sales →
SCIM (System for Cross-domain Identity Management) automatically syncs your identity provider's user directory with TalkWriter. When someone joins your company, they get TalkWriter access. When someone leaves, their access is removed instantly.
What SCIM Does
- Auto-provisioning — New users added in your IdP are automatically created in TalkWriter
- Auto-deprovisioning — Deactivated users lose access immediately
- Group sync — Assign TalkWriter access based on IdP groups
- Attribute sync — Names, emails, and departments stay up to date
Setup Steps
- Open the Admin Portal and go to Security → SCIM
- Click Enable SCIM Provisioning
- Copy the two values shown:
- SCIM Endpoint URL —
https://api.talkwriter.ai/scim/v2 - Bearer Token — A long API token (keep this secret)
- SCIM Endpoint URL —
- Open your identity provider's admin console
- Find the SCIM or provisioning settings for TalkWriter
- Paste the Endpoint URL and Bearer Token
- Enable Push Users and Push Groups
- Run a test sync to confirm users appear in TalkWriter
- Enable automatic sync on your preferred schedule (e.g., every 15 minutes)
Attribute Mapping
| SCIM Attribute | TalkWriter Field | Required |
|---|---|---|
userName | Email address | ✅ |
name.givenName | First name | ✅ |
name.familyName | Last name | ✅ |
active | Account status | ✅ |
displayName | Display name | ❌ |
title | Job title | ❌ |
urn:...department | Department | ❌ |
Supported Operations
| Operation | Description |
|---|---|
| Create User | Provisions a new TalkWriter account |
| Update User | Syncs attribute changes (name, email, etc.) |
| Deactivate User | Suspends TalkWriter access |
| Delete User | Permanently removes the account |
| Push Group | Assigns TalkWriter to an IdP group |
| Remove from Group | Revokes access for users removed from the group |
FAQ
Which IdPs support SCIM with TalkWriter? Any IdP that supports SCIM 2.0, including Okta, Azure AD, OneLogin, and JumpCloud.
How quickly are changes synced? Changes are pushed within seconds when your IdP sends a SCIM event. Scheduled syncs depend on your IdP's polling interval.
Can I use SCIM without SSO? Yes, but we recommend enabling both for the best experience.