SCIM
Learn how to set up and manage SCIM to simplify provisioning and managing user roles within your Replit Enterprise Team.
Introduction
SCIM is available exclusively for Enterprise customers. Contact our sales team at sales@replit.com to enable this feature for your organization.
System for Cross-domain Identity Management (SCIM) is a standardized protocol that automates user provisioning and deprovisioning between your enterprise identity provider (IdP) and Replit.
The SCIM integration is built on the WorkOS platform, ensuring enterprise-grade reliability and security.
Key Features
Automated User Management
Automatically provision and deprovision users based on your IdP’s directory
Role Synchronization
Keep user roles and permissions in sync with your organizational structure
Bulk Operations
Efficiently manage large teams with bulk user operations
Major IdP Support
Direct integration with Azure AD, Okta, and other leading identity providers
Benefits
SCIM integration provides several advantages for Enterprise teams:
- Enhanced Security: Leverage your existing identity management systems for robust access control
- Simplified Administration: Automatically manage team members through your identity provider
- Efficient Onboarding: Seamlessly provision large teams without manual intervention
- Consistent Access Control: Maintain uniform access policies across your organization
Getting Started
Contact Sales
Reach out to our sales team at sales@replit.com to enable SCIM for your Enterprise organization
Configure Your IdP
Your IT admin will receive a link to the SCIM onboarding portal, which provides step-by-step instructions specific to your identity provider for synchronizing your user directory
Test Integration
Verify the connection by provisioning a test user
Go Live
Begin using SCIM for automated user management
Best Practices
- Document role allocations for existing Replit users before enabling SCIM
- Configure groups for each Replit role, keeping in mind that users without a group will default to the Viewer role
- Test your configuration by provisioning a small group of users before enabling bulk provisioning
- Document your SCIM configuration for future reference
FAQs
What happens to users who already have accounts on replit.com before SCIM was setup?
When SCIM is enabled, existing users are handled in two ways:
-
Users provisioned through SCIM:
- Their roles will be updated to match those provided by your IdP
- These users can only be added, removed, or have their roles changed through your IdP
- To ensure permissions remain synchronized, admins will no longer be able to edit roles or invite new users within Replit
-
Users not provisioned through SCIM:
- These users remain unchanged and are considered “legacy” users
- We do not automatically revoke access, to prevent accidental deprovisioning
- Legacy users can be removed through the Replit interface by organization admins if needed
After implementing SCIM, all users provisioned through your IdP must be managed through your identity provider to maintain synchronization. Only legacy users (those not provisioned through SCIM) can be deprovisioned directly in Replit.
What roles can be provisioned with SCIM?
SCIM users can be assigned to three roles:
- Admin: Full access to organization settings and resources
- Member: Standard access to create and edit Replit Apps
- Viewer: Read-only access to deployed applications
We recommend using dedicated groups for each role. During the SCIM onboarding process, you can configure the mapping between your IdP groups and Replit roles. For example, you might map your “Engineering” group to the Member role and your “Stakeholders” group to the Viewer role.
For detailed information about role permissions, see Groups & Permissions. To learn more about viewer access, see Viewer Seats.
What if I need to edit the role mapping later?
Organization admins can edit SCIM configuration at any time by navigating to Organization Settings > Authentication > SCIM. Here you can access the SCIM portal to update group mappings and manage your integration settings.