Supported SCIM Actions
Below is the list of actions that can be communicated by SCIM, and the corresponding changes that are triggered in Stytch.
SCIM Action | Stytch Database Changes | Stytch RBAC Changes | Stytch Session Changes | Stytch Webhook Triggered |
|---|---|---|---|---|
Member Provisioned | Creates Member in Organization | Assigns any email domain Implicit Role Grants | scim.member.create | |
Member Info Updated | Update Member entity | Revokes or Assigns any email domain Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.member.update |
Member Deprovisioned | Updates Member.Status to deactivated | Revokes all current Roles | Revokes all current Sessions | scim.member.delete |
Member Reactivated | Updates Member.Status to active | Apply any qualified Implicit Role Grants (Explicit Roles Grants must be re-assigned) | scim.member.update | |
Group Created* | Creates an IdP Group record with a stable UUID | scim.idp_group.create | ||
Group Info Updated* | Updates IdP Group’s Display Name (only editable field) | scim.idp_group.update | ||
Member Added to Group* | Creates record of MemberID belonging to IdP Group | Applys any IdP Group Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.idp_group.member_add |
Member Removed from Group* | Sets Member's IdP Group membership record to deleted | Removes any IdP Group Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.idp_group.member_delete |
Group Deleted* | Updates IdP Group and membership records to deleted | Revokes any IdP Group Implicit Role Grants | RBAC changes propagated to active JWTs on next refresh <= 5 min | scim.idp_group.delete |
*Groups support as part of General Availability