Organization & Team Setup
SCIM User Provisioning
Automate user lifecycle management with SCIM 2.0 provisioning from Okta or Azure AD.
What is SCIM?
SCIM (System for Cross-domain Identity Management) automatically syncs user accounts between your identity provider (Okta, Azure AD) and Zelosify. When you add/remove someone in your IdP, their Zelosify account is automatically created/deactivated.
Benefits
- Zero manual user management in Zelosify
- Instant deactivation when someone leaves your organization
- Role and group assignments sync automatically
- Reduces admin overhead and security risk
Supported Operations
| Operation | Description |
|---|---|
| Create User | When assigned in IdP → account auto-created in Zelosify |
| Update User | Profile changes in IdP → synced to Zelosify |
| Deactivate User | Unassigned in IdP → account deactivated in Zelosify |
| Delete User | Removed in IdP → account marked for deletion |
| Group Push | IdP group → Zelosify role mapping |
Setup Overview (Admin Only)
- Navigate to Settings → Security → SCIM Provisioning
- Click "Enable SCIM"
- Copy the SCIM Endpoint URL and Bearer Token
- Configure your IdP:
- Okta: Add Zelosify SCIM app → paste endpoint and token → configure attribute mappings
- Azure AD: Enterprise Applications → Zelosify → Provisioning → paste endpoint and token
- Map IdP groups to Zelosify roles
- Test with a single user before enabling for all
Role Mapping
| IdP Group | Zelosify Role |
|---|---|
zelosify-admins | Admin |
zelosify-vendor-managers | Vendor Manager |
zelosify-hiring-managers | Hiring Manager |
zelosify-business-users | Business User |
Important Notes
- SCIM authentication uses a secure API Bearer Token (stored as a SHA-256 hash on the backend, rather than a JWT) — store the token securely
- Changes sync within 1-5 minutes (depending on your IdP's push interval)
- If SCIM is enabled, manual user creation is disabled (SCIM is the single source of truth)