Today we announce that Pactflow now provides support for the System for Cross-domain Identity Management (SCIM) v2.0 standard. SCIM keeps your Pactflow identities in sync with identities from your IdP. This includes any provisioning, updates, and de-provisioning of users, their roles and team memberships.
The need for SCIM API
Pactflow is loved by organisations of all sizes – from startups to major global enterprises. While Pactflow has previously supported SAML as an SSO option, SSO provisioning is only supported on demand. Additionally, with heightened awareness around security, another important use case we heard from customers is off boarding team, members. We know that all organisations, specifically large enterprises, need to tightly control who can access IT assets - including SaaS products - in order to comply with regulation and implement acceptable security controls.
Secure and automated provisioning and de-provisioning of users
We are pleased to announce support for our SCIM API to complement our SAML SSO option. SCIM is an industry standard API that IDPs implement as an extension to SAML, allowing large organisations to automate the onboarding, off boarding and management of employees to third party systems.
- Users can be pre-provisioned into their appropriate team and with their appropriate roles
- Users will be automatically de-provisioned in the event they leave their organisation or have the entitlements revoked (e.g. department change)
- Any updates to the users will be reflected with the user on-demand, not during next login.
That is - the Pactflow user store will be kept in sync with their IDP of choice, such as Okta or Azure AD.
How to get started
SCIM is now available for all customers on our Enterprise Plans (both SaaS and on-premise). For existing Enterprise Plan customers on our SAML setup follow the SCIM guide (or our on-premises guide) to connect your IDP to our SCIM endpoint.
If you’re new to Pactflow or on a Starter or Team Plan, get in touch with our sales team to learn more.