# SCIM user sync

## Introduction

SCIM (System for Cross-domain Identity Management) is an open standard for synchronising users between an identity provider (Google, Azure, Okta, etc.) and a service provider (Skovik).

## Supported SCIM schemas

Our implementation follows the SCIM 2.0 specification and supports the following schemas.

<table data-full-width="false"><thead><tr><th width="204">Schema</th><th width="518">URN</th></tr></thead><tbody><tr><td>Core user schema</td><td><code>urn:ietf:params:scim:schemas:core:2.0:User</code></td></tr><tr><td>Enterprise user schema</td><td><code>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User</code></td></tr><tr><td>Custom user extension</td><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User</code></td></tr></tbody></table>

The custom user extension schema is used to synchronize custom field values that are unique to our system, for example cost center or default project membership.

## Provided SCIM endpoints

We provide the following SCIM endpoints:

* `/Users` ⇒ For user provisioning, updates, and deprovisioning.
* `/ServiceProviderConfig` ⇒ For SCIM service provider metadata.
* `/Schemas` ⇒ The SCIM schemas supported by our API, including the core user schema, the enterprise extension and our custom extension.
* `/ResourceTypes` ⇒ The resource types available (such as User), along with their associated schemas.

{% hint style="info" %}
We do not support provisioning groups. If you have a need or use case for this, send us feedback explaining the use case and we'll consider it for our future product roadmap.
{% endhint %}

## Implementation Guide

### Prerequisites

* Ensure that all users have a unique email address, as that will be used as the unique identifier (`userName`) used for logging in to Skovik.
* Ensure that the branch an employee should belong to can be identified by an attribute on the identity provider. This attribute must match the `external_identifier` of the branch in our system.
* Identify any custom fields in Skovik that should be provisioned for the employees.

### Configuring SCIM in Skovik

{% stepper %}
{% step %}

### Create an identity provider configuration

Enable "User provisioning" and set up custom field mappings as needed.
{% endstep %}

{% step %}

### Verify branch identifiers

Make sure the `external_identifier` is set on all relevant branches.
{% endstep %}

{% step %}

### Generate a SCIM token and a URL

Generate a SCIM token and URL in the identity provider configuration.
{% endstep %}
{% endstepper %}

### Configuring SCIM in the identity provider

{% stepper %}
{% step %}

### Create a new application for provisioning users

Ask your identity provider or peruse their docs if you don't know how.
{% endstep %}

{% step %}

### Configure the SCIM endpoint and token

Use the URL and token generated in our system.
{% endstep %}

{% step %}

### Set up attribute mappings

See table of mappings below.
{% endstep %}
{% endstepper %}

### Table of mappings

<table data-full-width="false"><thead><tr><th width="329">SCIM field</th><th width="325">Skovik property</th><th data-type="checkbox">Required</th></tr></thead><tbody><tr><td><code>userName</code></td><td>Employee's email</td><td>true</td></tr><tr><td><code>name.givenName</code></td><td>Employee's first name</td><td>true</td></tr><tr><td><code>name.familyName</code></td><td>Employee's last name</td><td>true</td></tr><tr><td><code>active</code></td><td>Active in Skovik. Setting to <code>false</code> will permanently archive the user.</td><td>true</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division</code></td><td>Employee's branch</td><td>true</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager</code></td><td>Employee's superior</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field1</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field2</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field3</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field4</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field5</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field6</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field7</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field8</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr><tr><td><code>urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field9</code></td><td>Mapped to a custom field in the identity provider configuration.</td><td>false</td></tr></tbody></table>
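
The following Python check is an added example, not Skovik's own code: it validates a SCIM 2.0 User payload against the mapping table above before the identity provider sends it, and flags `active: false` because that archives the user permanently. The sample payload, the branch identifier `BR-NORTH` and the function names `lookup` and `check_user` are assumptions made for illustration.

```python
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
SKOVIK = "urn:ietf:params:scim:schemas:extension:skovik:2.0:User"
# Required attributes from the mapping table, as key paths into the payload.
REQUIRED = [("userName",), ("name", "givenName"), ("name", "familyName"),
            ("active",), (ENTERPRISE, "division")]
CUSTOM_FIELDS = {f"custom_field{i}" for i in range(1, 10)}

# Constructed sample payload; all values are made up for illustration.
SAMPLE_USER = {
    "schemas": [CORE, ENTERPRISE, SKOVIK],
    "userName": "anna.berg@example.com",
    "name": {"givenName": "Anna", "familyName": "Berg"},
    "active": True,
    ENTERPRISE: {"division": "BR-NORTH"},
    SKOVIK: {"custom_field1": "CC-4100"},
}


def lookup(doc, path):
    """Follow a key path through nested dicts; None if any step is missing."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def check_user(payload, branch_ids):
    """Return (errors, warnings); branch_ids holds the branches' external_identifier values."""
    errors, warnings = [], []
    for path in REQUIRED:
        if lookup(payload, path) in (None, ""):
            sep = ":" if path[0].startswith("urn:") else "."
            errors.append("missing required attribute: " + sep.join(path))
    for urn in (ENTERPRISE, SKOVIK):  # SCIM 2.0: extensions in use must be listed in "schemas"
        if urn in payload and urn not in payload.get("schemas", []):
            errors.append("extension not declared in schemas: " + urn)
    user_name = payload.get("userName")
    if user_name and "@" not in str(user_name):
        errors.append("userName is not an email address")
    division = lookup(payload, (ENTERPRISE, "division"))
    if division and division not in branch_ids:
        errors.append("division matches no branch external_identifier: " + str(division))
    for name in payload.get(SKOVIK, {}):
        if name not in CUSTOM_FIELDS:
            errors.append("custom attribute not in the mapping table: " + name)
    if payload.get("active") is False:
        warnings.append("active=false permanently archives the user")
    return errors, warnings
```

Running `check_user(SAMPLE_USER, {"BR-NORTH"})` returns no errors and no warnings; treat any warning as a reason to hold the change for review rather than send it automatically.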


