SCIM (System for Cross-domain Identity Management) is a set of protocols that allow a third-party identity provider to manage users inside Coda for your organization. This enables your identity provider to automatically provision and de-provision users and groups in Coda, based on their roles and application assignments within your identity provider.
This article will cover the basics of setting up SCIM for your org, including some standard instructions.
ℹ️ SCIM is only available to customers on our Enterprise plan. Only Enterprise org admins (typically members of your IT team) have the ability to enable SCIM. If you're interested in upgrading to Enterprise, you can learn more here.
Within this article you’ll find...
Before you get started
This article contains generic instructions for setting up SCIM. Before you begin, here are a few important notes:
You must be an org admin on our Enterprise plan to follow these steps
You will need access to your org’s identity provider
Before enabling SCIM, you must first have configured SAML for your org
If you are configuring SCIM with Okta, please refer to the Okta-specific instructions found here. If you are configuring SCIM with Microsoft Entra ID (formerly Azure AD), please refer to the Azure-specific instructions found here.
Part 1: Enable SCIM in Coda
The first step is to enable SCIM within your Coda admin settings. Note that you must be an Enterprise org admin to follow these steps:
Go to coda.io/docs
Click on Admin settings, in the upper left
Scroll to - or search for - the Provisioning tab
Toggle on the Provision with SCIM setting.
If you haven't yet configured SAML for your org, you won't be able to turn this on. Complete the steps in this article before proceeding.
The click Generate new token at the bottom of the page. (Note: Only one SCIM token is valid at a time. If SCIM was previously configured, generating a new token invalidates the previous token.)
Note the SCIM Base URL and SCIM Bearer Token. You will need this information later.
Part 2: Configure SCIM in your identity provider
Next, you’ll need to configure SCIM within your identity provider platform:
Create a new application in your identity provider administration console and enable SCIM.
Copy the SCIM Base URL from Coda (see the steps in the section above) into the appropriate location in your identity provider setup.
Copy the SCIM Bearer Token from Coda into the appropriate location in your identity provider setup. Note that your identity provider may require the word Bearer before the token (e.g. Bearer 12345678-abcd-9012-abfe-345678901234 ).
Ensure your application passes user identity to Coda in "email" format; that is, your identity provider is sending email-address-like user identities to Coda.
What can I do with SCIM?
Once you’ve configured SCIM for your Coda org, you can use it to take the following actions:
Create users
Update user attributes
Deactivate users
Push user groups to Coda (📣 check out this article to learn how)
FAQs
Who can enable SCIM?
Who can enable SCIM?
SCIM (and pushing groups) is only available on our Enterprise plan, and only org admins have the ability to enable it. Since enabling SCIM also requires you to have access to your company’s identity provider, these org admins are typically members of your IT team.
If you’re interested in upgrading to an Enterprise plan, check out this page to learn more.
Where can I find instructions for setting up SCIM with Okta or with Microsoft Entra ID?
Where can I find instructions for setting up SCIM with Okta or with Microsoft Entra ID?
The instructions in this article aren't specific to any one identify provider. If you're using Okta for SCIM, we recommend this article instead. And if you're using Microsoft Entra ID (formerly Azure AD), please refer to the specific instructions found here.