Setting up SCIM provisioning

Who can use this feature

  • Supported on Enterprise plans
  • Anyone with an org admin role can access and edit SCIM settings

In this article, we'll show you how to set up SCIM, so you can provision new users to Writer automatically. If you're looking for information about setting up single sign-on authentication, check out our article, Setting up SAML SSO.

What's in this article:

What provisioning features are supported?

Writer supports the following provisioning features:

  • Groups: An existing IdP group can be linked and pushed to an existing Writer team. Membership changes in the IdP group will be reflected in the linked Writer team.
  • Users: IdP users can be pushed and either matched against existing Writer users, or created as new ones.
  • Update user attributes
  • Provision/deprovision users (create/delete)

Writer doesn't support the following provisioning features, but may in the future:

  • Sync password
  • Create/delete teams
  • Deactivate/reactivate users (soft delete/undelete)

Configuring SCIM provisioning

Set up SAML SSO from Writer to your IdP

Before you provision SCIM, you'll need to set up the connection between Writer and your IdP. Check out our article, Setting up SAML SSO.

Share information from Writer with your identity provider

To get started, visit Admin Single sign-on page and scroll down to the section named SCIM. Select Set up SCIM.

You'll be presented with 3 important fields, which you'll share with your identity provider in the next step.

Unique identifier:

email

Endpoint:

https://app.writer.com/api/scim/v2

Bearer token:

unique to your organization

Share information from your IdP with Writer

Go to the Writer SSO application in your IdP, and enable SCIM provisioning with your Writer setup details:

Choose default team in Writer

Once SCIM provisioning is set up in your IdP, return to Admin > Single sign-on in Writer.

Under Default user permissions, select a team from the dropdown menu.

This decides which team to add new users to when they've been created via SCIM. (This does not interfere with pushes from specific IdP groups to Writer teams.) You can also edit or remove the configuration, if needed.

Frequently asked questions

General

Q: Can we provision our entire organization?

Yes and no. IdPs typically don't allow you to select everyone for a group push. However, if all of your users are assigned to groups, you can push all of these to Writer, which will provision everyone.

Q: Can we create or delete Writer Teams in our IdP?

No.

Q: Can we set the team admin user role in our IdP?

No.

Troubleshooting

If you have questions around our SCIM integration, please contact support@writer.com.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Support Contact Support

Related articles