Manage users with SCIM provisioning

Catalytic supports user provisioning with the “System for Cross-domain Identity Management” (SCIM) standard. SCIM is a widely used industry standard to help manage your user and user information across different apps and services.

screen readers look here

Once SCIM is enabled, you can quickly create and update users in Catalytic through your identity provider (IdP). You can also configure settings for the accounts, like notification settings and first user experience.

To use SCIM provisioning, you must first set up a connection with your supported IdP and have SSO enabled on your team.

Before getting started with SCIM

Set up SSO with your IdP

SCIM requires a preexisting SSO connection on your Catalytic team. Before setting up SCIM, set up a connection with your IdP using the configuration settings provided in the SSO Settings page in the Admin Team Center. To learn more, see Implement Single Sign-On (SSO)

Decide on your unique identifier for users

Your IdP will give you the option to select a Unique identifier field for users. This is the data from your IdP that will become the the username is Catalytic. While choosing, keeping the following limitations in mind:

  • Catalytic usernames must alphanumeric characters only
  • Only alphanumeric characters are supported. No special characters like @, #, or $. For this reason, email addresses will not work.
More on unique identifiers

Catalytic does not use every attribute provided by your IdP. Only specific attributes like firstName, lastName, email, displayName, primaryPhone, are supported. We don’t store any data from other attributes, like street addresses, etc.

The following information uses Okta as the example. The setup and terminology may be slightly different with your IdP.

  1. From your Catalytic connection in Okta, select the Provisioning tab.
  2. Select To App in the left hand sidebar, navigate down to the Attribute Mapping section.

    screen readers look here
  3. You’ll see a list of all the attributes associated with your Okta account. This can be used as the unique identifier for users.

How to connect to SCIM

There are two main steps to setting up SCIM:

Enable SCIM in Catalytic

  1. Open the menu in the top navigation bar, and select Admin.
  2. Select SSO Settings
  3. Enable SCIM by enabling the for Connect to SCIM
  4. Open View SCIM Token and URL to find your unique SCIM Token and URL. These will be used later.

Enable SCIM in your identity provider

The following instructions will use Okta as the example. The setup and terminology may be slightly different with your IdP.

  1. From your Okta dashboard, select and open your Catalytic connection.
  2. Select the General tab, and click Edit

    screen readers look here
  3. Under Provisioning, select SCIM to enable SCIM.
  4. Select Save at the bottom of the page.
  5. Select the new Provisioning tab that will appear at the top of the page.
  6. In the SCIM Connection section, configure your SCIM setup and enter your SCIM Token and URL

    screen readers look here
    1. Enter your SCIM Token in the SCIM connector base URL field.
    2. Enter the unique identifier
    3. Check which provisioning actions to enable in the Supported provisioning actions section. Import New Users and Profile Updates is not supported in Catalytic.
    4. Set the Authentication Mode to HTTP Header
    5. Enter the SCIM URL in the Authorization field.
  7. Select Save.

How SCIM works when enabled on existing teams

If you already have users on your Catalytic team, then turn on SCIM, you may have extra settings to configure with your IdP.

Most IdPs give you the option to import all existing users, or only import new users. This may vary based on your IdP. If you import existing users and they have the same email address or name as in Catalytic, it will be rejected and an error should appear on your IdP for why the user wasn’t successfully imported. For example, if you have a “ErikaM” then turn on SCIM and try to create a new “ErikaM”, they will not get added and your IdP will alert you.

For this reason, you must sync or associate the accounts with the account in Catalytic. Your IdP may have an option to “sync” or “force sync” with the application. You should review the documentation provided by your IdP for more information on this feature.

Get help with a problem or question

If something’s not working as expected, or you’re looking for suggestions, check through the options below.

Does Catalytic use or store all attributes from the IdP?

No. You can configure which attributes are shared with Catalytic through your IdP dashboard. Additionally, Catalytic does not and cannot use every attribute provided by your IdP. Only specific attributes like firstName, lastName, email, displayName, primaryPhone, are supported. We don’t store any data from other attributes, like street addresses, etc.

Sorry about that. What was the most unhelpful part?









Thanks for your feedback

We update the Help Center daily, so expect changes soon.

Link Copied

Paste this URL anywhere to link straight to the section.

Need more help?

If you're signed in to Catalytic Community, you can ask other users a question. You'll be redirected to Community where you can add more info.