Supported SCIM Actions
Below is the list of actions that can be communicated by SCIM, and the corresponding changes that are triggered in Stytch.
| SCIM Action | Stytch Database Changes | Stytch RBAC Changes | Stytch Session Changes | Stytch Webhook Triggered |
|---|---|---|---|---|
| Member Provisioned | Creates Member in Organization | Assigns any email domain Implicit Role Grants | scim.member.create | |
| Member Info Updated | Update Member entity | Revokes or Assigns any email domain Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.member.update |
| Member Deprovisioned | Updates Member.Status to deactivated | Revokes all current Roles | Revokes all current Sessions | scim.member.delete |
| Member Reactivated | Updates Member.Status to active | Apply any qualified Implicit Role Grants (Explicit Roles Grants must be re-assigned) | scim.member.update | |
| Group Created | Creates an IdP Group record with a stable UUID | scim.idp_group.create | ||
| Group Info Updated | Updates IdP Group’s Display Name (only editable field) | scim.idp_group.update | ||
| Member Added to Group | Creates record of MemberID belonging to IdP Group | Applies any IdP Group Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.idp_group.member_add |
| Member Removed from Group | Sets Member's IdP Group membership record to deleted | Removes any IdP Group Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.idp_group.member_delete |
| Group Deleted | Updates IdP Group and membership records to deleted | Revokes any IdP Group Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.idp_group.delete |