SCIM

SCIM (System for Cross-domain Identity Management) enables automatic user provisioning, deprovisioning, and role synchronization between your identity provider and Scanner. This ensures that user accounts and permissions stay synchronized with your enterprise directory.

Scanner supports SCIM integration with most major identity providers, including:

• Okta

• Microsoft Entra ID (Azure AD)

• Google Workspace

• Most other SCIM 2.0-compliant providers

Setting up SCIM

SCIM configuration requires the same permissions as SSO. If you haven't already configured SSO, contact the Scanner support team to enable these permissions for your account.

Once permissions are configured:

1. In Scanner, navigate to Settings > SCIM.

2. Click Create.

3. Select your identity provider from the list.

4. Enter a name for your connection.

5. Click Create.

6. Follow the on-screen instructions to complete the setup in your identity provider.

Role synchronization

After configuring your SCIM connection, you can set up automatic role synchronization between your identity provider and Scanner.

To enable role synchronization:

1. In your identity provider, identify the roles you want to sync to Scanner.

2. In Scanner, create matching roles with the scim: prefix. For example, to sync an identity provider role called scanner_analyst, create a role named scim:scanner_analyst in Scanner.

3. Configure the appropriate permissions for each Scanner role.

Once configured, Scanner will automatically assign the Scanner role to users who have the corresponding role in your identity provider, and remove it from users who no longer have that role. This ensures user permissions remain synchronized with your enterprise directory.

Note: Role updates in your identity provider may take up to 5 minutes to appear in Scanner.

Scanner uses Stytch for SCIM provisioning. For more information on Stytch's SCIM capabilities, see the Stytch SCIM documentation.

If you encounter any issues during setup, contact the Scanner support team for assistance.