Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            SCIM Integration

            Overview

            This guide explains how to set up System for Cross-domain Identity Management (SCIM) provisioning on our platform. SCIM enables you to automatically manage users and assign roles directly from your identity provider (IdP), with Okta and Azure AD as supported examples.

            With SCIM, you can streamline user onboarding, role updates, and offboarding without manual intervention.

            Before You Start

            SCIM provisioning requires SSO to be configured first. Complete your SSO integration with Okta or Azure AD before setting up SCIM.

            Setup Instructions

            Step 1: Enable SCIM Provisioning

            1. Click your User Profile

            2. Navigate to Privacy and Security

            3. Select the Provisioning tab

            4. Click Add Connection

            5. Follow the in-app guide to complete SCIM integration with your SSO provider

            Step 2: Configure Role Mapping

            In Your SSO Provider

            Create groups for each role you want to assign in Spendflo. For example:

            • One group for Admin users

            • One group for Requestor users

            • One group for Approver users

            In your SSO application settings, enable Push Groups and add these groups to your Spendflo application.

            In Spendflo

            1. Go to Privacy & Security → Groups tab

            2. Create groups with exactly the same names as those in your SSO provider

            3. Assign the corresponding role to each group

            Now, whenever you add a user to a group in your SSO provider, that user will automatically be created in Spendflo with the assigned role.

            Important Notes

            • Role updates require re-login: If a user's role changes, they must log out and log back in for the changes to take effect

            • SSO assignment is required: Users must be assigned to the Spendflo application in your SSO provider to access the platform

            How Automatic Synchronization Works

            Once SCIM is active, your identity provider stays synchronized with Spendflo:

            User Profile Updates

            • Changes to username or email sync automatically in real-time

            Role and Group Changes

            • Adding a user to a group → User receives that group's role

            • Changing a user's groups → Role assignments update automatically

            • Adding a new role to a group → All group members receive the new role

            User Removal

            • Unassigning a user from all groups → User is deleted from the platform



            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0