SCIM user provisioning is available for users on the Enterprise plan. Please contact sales to enable this feature for your workspace.
Overview
SCIM (System for Cross-domain Identity Management, RFC 7644) is the standard protocol that identity providers use to manage users in third-party apps. Once SCIM is connected, your IdP becomes the source of truth for who has access to your Softr app — when you add, update, deactivate, or remove a user in your IdP, the change is pushed to Softr automatically. SCIM is the natural complement to SSO: SSO authenticates a user when they sign in, while SCIM provisions the user record itself ahead of time and keeps it in sync. The two are typically used together for centralized identity management.Supported identity providers
Softr’s SCIM implementation follows the SCIM 2.0 standard, so it works with any SCIM-capable IdP, including:- Okta
- Microsoft Entra ID (Azure AD)
- OneLogin
- JumpCloud
- Google Workspace
- … and any other IdP that supports SCIM 2.0.
What SCIM does in Softr
Prerequisites
Before configuring SCIM, make sure you have:- An Enterprise plan with SCIM enabled by Softr — contact sales if you haven’t requested it yet.
- A published Softr app.
- A Softr API key — see API Setup and Endpoints for how to generate one.
- The Application ID of the Softr app you want to provision into.
Connection details
Your IdP will ask for two values when you set up the SCIM integration: a base URL (sometimes called Tenant URL) and a Bearer token.
Replace
{applicationId} with the ID of your Softr application and YOUR_SOFTR_API_KEY with the API key you generated.
Supported endpoints
Pagination defaults:
count defaults to 100 and is capped at 500 per request.
Supported attributes
Supported filters
TheGET /Users endpoint supports a single filter form, which is what Okta and Entra ID send during user lookup:
Setting up SCIM in your IdP
The provisioning flow looks the same in every SCIM-capable IdP — only the UI differs. In your IdP’s SCIM (or “User Provisioning”) settings:1
Create or open the Softr app in your IdP
Add Softr as a SCIM-enabled application in your IdP, or open the existing app you already use for SSO. SCIM is configured on the same application.
2
Enter the SCIM Base URL and Bearer Token
Paste the Softr SCIM Base URL (
https://studio-api.softr.io/scim/v2/applications/{applicationId}/Users) and your Softr API key as the Bearer token.3
Verify the connection
Use your IdP’s built-in Test Connection / Verify button. It will issue a test request against Softr to make sure the URL and token are valid.
4
Enable provisioning and assign users
Turn on the provisioning actions you want (Create Users, Update Attributes, Deactivate Users) and assign the users or groups that should have access to the Softr app. Your IdP will start pushing them to Softr.
- Okta — Configure SCIM provisioning
- Microsoft Entra ID — Automatic provisioning with SCIM
- OneLogin — SCIM Provisioner
Example requests
You can smoke-test the SCIM endpoint withcurl before pointing your IdP at it.
Create a user
Deactivate a user
Error responses
Errors follow the standard SCIM error schema (urn:ietf:params:scim:api:messages:2.0:Error). Common statuses:
Limitations
Softr’s current SCIM implementation supports:- The
Usersresource only —Groupsprovisioning is not yet supported. addandreplacePATCH operations.- The
userName eq "value"filter form.