# SCIM User Provisioning SingleStore for Cross Identity Management (SCIM) enables user provisioning from an identity provider to the [Cloud Portal](https://portal.singlestore.com/) and SingleStore database. When SCIM is configured, changes in the identity provider synchronize automatically with the Cloud Portal. For example, assigning a user in the identity provider application automatically adds that user to the organization. SingleStore SCIM supports SCIM 2.0 protocol. When users are provisioned through SCIM from an identity provider, their default access depends on whether RBAC is enabled: * If RBAC is disabled, the system assigns **Owner** access by default, similar to inviting new users manually. * If RBAC is enabled, the system grants the user basic permissions based on the role defined for new users.This provides only limited access unless additional roles or permissions are explicitly assigned. RBAC is required for managing user permissions both in the SingleStore Helios and the SingleStore database engine. The following table shows the identity provider application assignments and the corresponding actions in SingleStore Helios: | Identity provider application assignment | SingleStore Helioscorresponding action | | ---------------------------------------- | -------------------------------------- | | Add user | Add a user to aSingleStoreorganization | | Remove user | Remove the user from the organization | | Add group | Create a new team | | Remove group | Remove the team | | Add a user to group | Add the user to team | When SCIM is configured with RBAC enabled, adding a group in the identity provider automatically creates a corresponding team in the Cloud Portal. The permissions configured for the team are then automatically granted to users added to the team. > **📝 Note**: For optimal performance, SCIM provisioning supports synchronizing up to 1000 users and 500 groups. ## Create SCIM Configuration Perform the following tasks to create a new SCIM configuration: 1. On the Cloud Portal, select **\ > Organization Details > SCIM**. 2. Select **+ New SCIM Configuration**. 3. In the **New SCIM Configuration** Dialog box, enter a **Description**, and select **Generate Secret Token** 4. Copy the generated Secret Token and secure it. The secret token is displayed only **once**. 5. Select **Save Configuration**. 6. Use the endpoint URL (`https://authsvc.singlestore.com/auth/scim/[id]`) and the generated bearer token to configure SCIM in the identity provider. Creating a new SCIM configuration deactivates the existing configuration. Only one SCIM configuration can be active at a time. ## Configure an existing SCIM To generate a new secret token for an existing SCIM configuration, select **Configure SCIM**. Select **Generate Secret Token > Save Configuration**. Generating a new secret invalidates the existing secret token. ## Deactivate an existing SCIM To deactivate an existing SCIM configuration, select the ellipsis (three dots) next to the displayed SCIM, and then select **Deactivate** from the list. Deactivating an existing SCIM configuration does not remove users; it only prevents the synchronization of users and teams from the identity provider. ## Activate an existing SCIM To activate an existing SCIM configuration,  select the ellipsis (three dots) next to the displayed SCIM, and then select **Activate** from the list. Activating an existing SCIM configuration deactivates other SCIM connections and prevents synchronization of users and teams from the identity provider. It does not remove users. ## Remove an existing SCIM To remove an existing SCIM configuration, select the ellipsis (three dots) next to the displayed SCIM, and then select **Remove SCIM** from the list. Once the SCIM configuration is removed, the associated users and teams are deleted, and the action cannot be undone. ## In this section * [IdP Configuration - Azure](https://docs.singlestore.com/cloud/security/portal-access/scim-user-provisioning/idp-configuration-azure.md) * [IdP Configuration - Okta](https://docs.singlestore.com/cloud/security/portal-access/scim-user-provisioning/idp-configuration-okta.md) *** Modified at: April 1, 2026 Source: [/cloud/security/portal-access/scim-user-provisioning/](https://docs.singlestore.com/cloud/security/portal-access/scim-user-provisioning/) (An index of the documentation is available at /llms.txt)