Skip to main content
SCIM user provisioning is available for users on the Enterprise plan. Please contact sales to enable this feature for your workspace.

Overview

SCIM (System for Cross-domain Identity Management, RFC 7644) is the standard protocol that identity providers use to manage users in third-party apps. Once SCIM is connected, your IdP becomes the source of truth for who has access to your Softr app — when you add, update, deactivate, or remove a user in your IdP, the change is pushed to Softr automatically. SCIM is the natural complement to SSO: SSO authenticates a user when they sign in, while SCIM provisions the user record itself ahead of time and keeps it in sync. The two are typically used together for centralized identity management.

Supported identity providers

Softr’s SCIM implementation follows the SCIM 2.0 standard, so it works with any SCIM-capable IdP, including:
  • Okta
  • Microsoft Entra ID (Azure AD)
  • OneLogin
  • JumpCloud
  • Google Workspace
  • … and any other IdP that supports SCIM 2.0.

What SCIM does in Softr

Prerequisites

Before configuring SCIM, make sure you have:
  • An Enterprise plan with SCIM enabled by Softr — contact sales if you haven’t requested it yet.
  • A published Softr app.
  • A Softr API key — see API Setup and Endpoints for how to generate one.
  • The Application ID of the Softr app you want to provision into.

Connection details

Your IdP will ask for two values when you set up the SCIM integration: a base URL (sometimes called Tenant URL) and a Bearer token. Replace {applicationId} with the ID of your Softr application and YOUR_SOFTR_API_KEY with the API key you generated.

Supported endpoints

Pagination defaults: count defaults to 100 and is capped at 500 per request.

Supported attributes

Supported filters

The GET /Users endpoint supports a single filter form, which is what Okta and Entra ID send during user lookup:

Setting up SCIM in your IdP

The provisioning flow looks the same in every SCIM-capable IdP — only the UI differs. In your IdP’s SCIM (or “User Provisioning”) settings:
1

Create or open the Softr app in your IdP

Add Softr as a SCIM-enabled application in your IdP, or open the existing app you already use for SSO. SCIM is configured on the same application.
2

Enter the SCIM Base URL and Bearer Token

Paste the Softr SCIM Base URL (https://studio-api.softr.io/scim/v2/applications/{applicationId}/Users) and your Softr API key as the Bearer token.
3

Verify the connection

Use your IdP’s built-in Test Connection / Verify button. It will issue a test request against Softr to make sure the URL and token are valid.
4

Enable provisioning and assign users

Turn on the provisioning actions you want (Create Users, Update Attributes, Deactivate Users) and assign the users or groups that should have access to the Softr app. Your IdP will start pushing them to Softr.
For provider-specific UI details, see your IdP’s documentation:

Example requests

You can smoke-test the SCIM endpoint with curl before pointing your IdP at it.

Create a user

Deactivate a user

Error responses

Errors follow the standard SCIM error schema (urn:ietf:params:scim:api:messages:2.0:Error). Common statuses:

Limitations

Softr’s current SCIM implementation supports:
  • The Users resource only — Groups provisioning is not yet supported.
  • add and replace PATCH operations.
  • The userName eq "value" filter form.
Manage user groups inside Softr while SCIM keeps the underlying user records in sync.