All Collections
Enterprise org administration
Configure SCIM for provisioning
Configure SCIM for provisioning

For Enterprise org admins only: Learn how to set up SCIM for user and group provisioning in Coda

Updated this week

SCIM (System for Cross-domain Identity Management) is a set of protocols that allow a third-party identity provider to manage users inside Coda for your organization. This enables your identity provider to automatically provision and de-provision users and groups in Coda, based on their roles and application assignments within your identity provider.

This article will cover the basics of setting up SCIM for your org, including some standard instructions.

SCIM is only available to customers on our Enterprise plan. Only Enterprise org admins (typically members of your IT team) have the ability to enable SCIM.

Within this article you’ll find...

Before you get started

This article contains generic instructions for setting up SCIM. Before you begin, here are a few important notes:

  • You must be an org admin on our Enterprise plan to follow these steps

  • You will need access to your org’s identity provider

  • Before enabling SCIM, you must first have configured SAML for your org

If you are configuring SCIM with Okta, please refer to the Okta-specific instructions found here. If you are configuring SCIM with Microsoft Entra (formerly Azure AD), please refer to the Azure-specific instructions found here.

Part 1: Enable SCIM in Coda

The first step is to enable SCIM within your Coda organization settings. Note that you must be an Enterprise org admin to follow these steps:

  1. Go to coda.io/docs

  2. In the lower left corner, select More options, then select Organization Settings

  3. Go to the Provisioning tab.

  4. Ensure Provision with SCIM is enabled.

  5. Click Generate New Token. (Note: Only one SCIM token is valid at a time. If SCIM was previously configured, generating a new token invalidates the previous token.)

  6. Note the SCIM Base URL and SCIM Bearer Token. You will need this information later.

Ent enable SCIM.gif

Part 2: Configure SCIM in your identity provider

Next, you’ll need to configure SCIM within your identity provider platform:

  1. Create a new application in your identity provider administration console and enable SCIM.

  2. Copy the SCIM Base URL from Coda (see the steps in the section above) into the appropriate location in your identity provider setup.

  3. Copy the SCIM Bearer Token from Coda into the appropriate location in your identity provider setup. Note that your identity provider may require the word Bearer before the token (e.g. Bearer 12345678-abcd-9012-abfe-345678901234 ).

  4. Ensure your application passes user identity to Coda in "email" format; that is, your identity provider is sending email-address-like user identities to Coda.

What can I do with SCIM?

Once you’ve configured SCIM for your Coda org, you can use it to take the following actions:

FAQs

Who can enable SCIM?

SCIM (and pushing groups) is only available on our Enterprise plan, and only org admins have the ability to enable it. Since enabling SCIM also requires you to have access to your company’s identity provider, these org admins are typically members of your IT team.

If you’re interested in upgrading to an Enterprise plan, check out our pricing page to learn more.

Where can I find instructions for setting up SCIM with Okta or with Microsoft Entra?

The instructions in this article aren't specific to any one identify provider. If you're using Okta for SCIM, we recommend this article instead. And if you're using Microsoft Entra (formerly Azure AD), please refer to the specific instructions found here.

Related resources

Did this answer your question?