System for Cross-Domain Identity Management (SCIM) is a standardized protocol used by enterprise companies to centrally manage access and identity information for all of the applications they use. Companies can make changes to their employees' information or access within their workforce Identity Provider (IdP) and have those changes automatically propagated to all of their connected applications — enabling instant updates, provisioning, and deprovisioning at scale. For B2B SaaS applications, SCIM support is crucial for ensuring your largest customers can maintain data consistency and access management across diverse platforms.
The Javascript SDK provides methods to create and maintain SCIM connections.
Once a Member has successfully logged in, the SDK can be used to view SCIM connections in the Organization if the Member's Role gives them permission to do so.
To learn more about our RBAC implementation, see our RBAC guide.
Methods
To call these methods, SCIM must be enabled in the SDK Configuration page of the Stytch dashboard.
Create SCIM Connection
The Create SCIM Connection method wraps the Create SCIM Connection API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to create SCIM connections in other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the create action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.
The Update SCIM Connection method wraps the Update SCIM Connection API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to update SCIM connections in other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the update action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.
The Delete SCIM Connection method wraps the Delete SCIM Connection API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to delete SCIM connections in other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the delete action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.
The Get SCIM Connections method wraps the Get SCIM Connections API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to get SCIM connections from other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the get action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.
The SCIM Rotate Token Start method wraps the SCIM Rotate Token Start API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to start token rotations for SCIM connections in other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the update action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.
The SCIM Rotate Token Complete method wraps the SCIM Rotate Token Complete API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to complete token rotations for SCIM connections in other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the update action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.
The SCIM Rotate Token Cancel method wraps the SCIM Rotate Token Cancel API endpoint. The organization_id will be automatically inferred from the logged-in Member's session. This method cannot be used to cancel token rotations for SCIM connections in other Organizations.
This method is not available for unauthenticated end users. In order to call this method, there must be a valid Member Session containing the necessary Role to complete this action. This method requires the Member to have permission to perform the update action on the stytch.scim Resource.
In addition, Member actions & permissions must be enabled in the SDK Configuration page of the Stytch dashboard. To learn more about our RBAC implementation, see our RBAC guide.