Frequently Asked Questions about SCIM

General Questions

What is SCIM and why should I use it?

SCIM (System for Cross-domain Identity Management) is an industry-standard protocol for automating user identity management between systems. With SCIM integration, you can:

Automatically create user accounts when new employees join
Update user information when changes occur in your identity provider
Immediately remove accounts when employees leave
Reduce manual administrative work and human errors
Ensure consistent user data across systems

Which identity providers are supported?

Microsoft Entra ID (formerly Azure Active Directory, Azure AD)

To configure Cosafe SCIM with other IdPs, please contact support.

Technical Questions

What SCIM version does Cosafe support?

Cosafe implements SCIM 2.0 protocol, specifically supporting a subset of operations focused on standard user provisioning and group management, which is being used by majority of identity providers.

What happens if my API key is compromised?

If you suspect your API key has been compromised:

Contact Cosafe support immediately at support@cosafe.com
Support will deactivate the current key and issue a new one
Update your identity provider configuration with the new key
Monitor your identity provider audit logs

User And Groups Management Questions

What user information is synchronized?

The following user attributes are synchronized:

Required: Username, display name
Optional: Phone numbers, job title
Status: Active status for account management

Updatable attributes:

Updatable: Username, display name, job title
Non-Updatable: Phone numbers

For more information about attributes, see Supported Attributes

What group information is synchronized?

The following group attributes are synchronized:

Required: Display name

Can I exclude certain users or groups from SCIM sync?

Yes, most identity providers allow you to:

Create provision integration with only assigned users and groups scope
Configure scope limitations in your provisioning settings

Contact Cosafe support for specific configuration guidance.

What happens when a user is deleted in my identity provider?

When a user is deleted or deactivated in your identity provider:

The user account in Cosafe is automatically deleted
The user loses access to Cosafe immediately
Historical data and audit logs are preserved

Can I manually override SCIM-managed data?

You can edit attributes that are not mapped via SCIM (Supported Attributes).

It is strongly recommended to not edit data and attributes mapped via SCIM. Doing this will result in conflicting or invalid user data between Cosafe and your IdP.

Can I still create users manually if I have enabled SCIM?

Yes! Users you create manually will be ignored by the SCIM synchronization, provided they are not managed by your identity provider.

Troubleshooting Questions

Users aren't syncing - what should I check?

Common troubleshooting steps:

Verify API credentials:
- Check API key is correct and active
- Confirm SCIM Base URL format
- Test connection via your identity provider integration configuration. Usually, in integration setup/credentials settings, after base-url and access-key/token fields, there's a button "Test", "Connect" or "Test connection".
Check identity provider configuration:
- Verify provisioning is enabled
- Confirm that attribute mappings are correct
- Confirm that groups and / or users are assigned to the SCIM integration

Why are some user attributes not syncing?

Possible causes:

Missing attribute mapping: Check your identity provider configuration
Unsupported attributes: Verify the attributes are supported by Cosafe SCIM and are mapped correctly in your identity provider configuration
Data format issues: Ensure data formats match expected SCIM standards

More details on mapping and format requirements are in Attribute Mapping Setup

How do I handle group assignment issues?

For group assignment problems:

Verify group mapping: Check that identity provider groups map to valid Cosafe group IDs
Check group permissions: Ensure groups exist and are accessible in Cosafe
Review attribute rules: Confirm group assignment in your identity provider

Implementation Questions

Can I migrate existing users to SCIM management?

Yes, existing users can be migrated to SCIM management.

Need More Help?

If you have questions not covered in this FAQ email our support team at support@cosafe.com

General Questions​

What is SCIM and why should I use it?​

Which identity providers are supported?​

Technical Questions​

What SCIM version does Cosafe support?​

What happens if my API key is compromised?​

User And Groups Management Questions​

What user information is synchronized?​

What group information is synchronized?​

Can I exclude certain users or groups from SCIM sync?​

What happens when a user is deleted in my identity provider?​

Can I manually override SCIM-managed data?​

Can I still create users manually if I have enabled SCIM?​

Troubleshooting Questions​

Users aren't syncing - what should I check?​

Why are some user attributes not syncing?​

How do I handle group assignment issues?​

Implementation Questions​

Can I migrate existing users to SCIM management?​

Need More Help?​