Introduction to Klaxoon SCIM

System for Cross-domain Identity Management, also known as SCIM, provides automated provisioning and user management for Klaxoon through your Identity Provider (IdP).

Klaxoon SCIM API is used by SSO partners to provision, manage, and de-provision users.

๐Ÿ“˜

Please notice

  • SAML based SSO must be properly set up and functional before you start configuring automated provisioning.
  • Currently, only one Klaxoon team can be synced with your IdP using SCIM
    Multiple teams support is coming soon, stay tuned!
  • Password changes are not supported.
    There are no immediate plans to start supporting this change
  • Our SCIM implementation uses the 2.0 version of the protocol as described in:

RFC 7642 โ€” Definitions, Overview, Concepts, and Requirements
RFC 7643 โ€” Core Schema
RFC 7644 โ€” Protocol

Capabilities

Our SCIM implementation supports two types of resources:

  • Users
  • Groups

Using Klaxoon SCIM you can:

  • Create users in Klaxoon
  • Deactivate users in Klaxoon
  • Manage your users licenses
  • Keep users synchronized between your IdP and Klaxoon

Features not available via SCIM

  • Assign admin role
  • Assign user to a specific team
  • Manage password change
  • Manage language change (instead the language is detected using userโ€™s environment at the time of connection)
  • Manage profile picture change
  • Permanently delete user account

Supported identity providers

We currently support the following identity providers:

  • Okta
  • Microsoft Entra ID (formerly Azure AD)

๐Ÿ“˜

Note

Apart from those IdP we officially support, any IdP allowing SCIM provisioning should work fine but that our support team may not be able to troubleshoot you