SCIM is available exclusively for Enterprise customers. Contact our sales team at sales@replit.com to enable this feature for your organization.
System for Cross-domain Identity Management (SCIM) is a standardized protocol that automates user provisioning and deprovisioning between your enterprise identity provider (IdP) and Replit.The SCIM integration is built on the WorkOS platform, ensuring enterprise-grade reliability and security.
Reach out to our sales team at sales@replit.com to enable SCIM for your Enterprise organization
2
Configure Your IdP
Your IT admin will receive a link to the SCIM onboarding portal, which provides step-by-step instructions specific to your identity provider for synchronizing your user directory
What happens to users who already have accounts on replit.com before SCIM was setup?
When SCIM is enabled, existing users are handled in two ways:
Users provisioned through SCIM:
Their roles will be updated to match those provided by your IdP
These users can only be added, removed, or have their roles changed through your IdP
To ensure permissions remain synchronized, admins will no longer be able to edit roles or invite new users within Replit
Users not provisioned through SCIM:
These users remain unchanged and are considered “legacy” users
We do not automatically revoke access, to prevent accidental deprovisioning
Legacy users can be removed through the Replit interface by organization admins if needed
After implementing SCIM, all users provisioned through your IdP must be managed through your identity provider to maintain synchronization. Only legacy users (those not provisioned through SCIM) can be deprovisioned directly in Replit.
Admin: Full access to organization settings and resources
Member: Standard access to create and edit Replit Apps
Viewer: Read-only access to deployed applications
We recommend using dedicated groups for each role. During the SCIM onboarding process, you can configure the mapping between your IdP groups and Replit roles. For example, you might map your “Engineering” group to the Member role and your “Stakeholders” group to the Viewer role.For detailed information about role permissions, see Groups & Permissions. To learn more about viewer access, see Viewer Seats.
Organization admins can edit SCIM configuration at any time by navigating to Organization Settings > Authentication > SCIM. Here you can access the SCIM portal to update group mappings and manage your integration settings.