Loading
Own from Salesforce
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Provisioning and Deprovisioning SCIM

            You are here:

            1. Salesforce Help
            2. Docs
            3. Own from Salesforce

            Provisioning and Deprovisioning SCIM

            Provisioning automatically creates user accounts. Deprovisioning removes user accounts when no longer needed.

            Provision SCIM In OWN

            Master Admin users and Security Admin users can create or revoke tokens, enabling and disabling SCIM provisioning.

            SCIM integration is supported if you're using the Identification Provider (IdP) from Okta, Azure, or SailPoint.

            SCIM is available for accounts where SSO is both configured and activated.

            1. In Manage go to Security, then navigate to the SCIM Provisioning section.
            2. Click Generate. The Generate SCIM Token panel appears displaying the SCIM Token and the SCIM URL. A confirmation email, New SCIM Token, is sent.
              Treat your SCIM token and SCIM URL as securely as any other type of password. Make sure to store them in a safe and secure location.
            3. Integrate the IdP with Own application using the SCIM token and SCIM URL. The following are high level overviews for setting up SCIM provisioning with IdPs:
            4. A New SSO account with Own confirmation email is sent to the user assigned as a new user in step 3. The email instructs the new user to sign in using the IdP for SSO. This IdP is separate from the SCIM IdP.

            Revoke SCIM Token in Own

            Revoking the SCIM Token in Own application, stops access to the SCIM API, disabling the integration with the IdP and stopping SCIM user management. To regain access generate a new SCIM Token. Make sure to update the IdP.

            1. In the SCIM Provisioning section click the three dots and select Revoke.
            2. Confirm the action in the Revoke SCIM token? popup. A confirmation email, SCIM Token Revoked, is sent.

            SCIM Deprovisioning through the IdP

            When deprovisioning is done through the IdP, the SCIM API synchronizes the changes with Own application. Deprovisioning is through the IdP and removes user access to the Own Application. This ensures inactive users no longer have access, reducing security risks. The User status will be “Disabled”.

            Note
            Note IdPs may use their own terminology for Deprovisioning. For example, Okta calls it Deactivating.

            Removing a User via UI: As SCIM integration requires synchronization between your IdP and Own application, avoid manual changes in the Own application while SCIM is enabled. If manual updates are made in the UI, for example adding a new user or disabling/deleting an existing user, update the IdP to maintain alignment. The user remains in the IdP but loses access to Own application.

            Removing a User via IdP: The user is deleted from the Users tab UI, and is removed from associated regions.
             
            Loading
            Salesforce Help | Article