---
title: "Configure SCIM"
slug: "configure-scim"
updated: 2025-05-12T21:39:13Z
published: 2025-05-12T21:39:13Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fullcast.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure SCIM

System for Cross-domain Identity Management (SCIM) is an open standard protocol that automates the exchange of user identity information between Fullcast and your SAML Identity Provider (IdP). Configure SCIM mappings in Fullcast to synchronize with your IdP.

### Key features

- **Automated provisioning:**Allows for the automated creation and modification of user accounts and group memberships.
- **Reduced errors:**Minimizes manual errors and inconsistencies in user management.
- **Improved security:**Ensures that user accounts are properly deprovisioned when they are no longer needed, reducing the risk of unauthorized access and data breaches.

### Before you begin

- [**Configure SSO with Fullcast:**](/v1/docs/configure-sso) You must have SSO configured with your IdP.
- **Login to your IdP:** You must be logged in so you can update the settings for SCIM with Fullcast.

> [!WARNING]
> Tip
> 
> Log in to your IdP in a separate tab or window so you can complete the configuration with Fullcast simultaneously.

### Configure SCIM with SSO

1. [Configure SSO](/v1/docs/configure-sso) with Fullcast.
2. From your IdP, enable SCIM.
3. Under the **SCIM Configuration** section, click **Configure SCIM**.![Configure SCIM button highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(167).png)
4. Copy the **SCIM URL** and paste it in the appropriate field in your IdP.

![SCIM URL and copy option highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(170).png)
5. Click **Create Token.**
6. On the Token Created! window, click **Copy**to copy the generated bearer token and paste in the appropriate field in your IdP.

> [!WARNING]
> Tip
> 
> Once the**Token Created!**window is closed, you cannot access the token again. Save the token on your local device as a back up in case you need to access it again for any reason.

![Bearer token highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(169).png)
7. Click **Close**.
8. In the **User ID** attribute field, add the SCIM attribute path for the unique user identifier from your IdP.

> [!NOTE]
> Note
> 
> If you add the incorrect path, you can click **Restore Default**to reset the field.

![User ID attribute field highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(180).png)
9. [Update the path mappings for required attributes](/v1/docs/configure-scim#update-path-mappings-to-required-attributes).
10. [Add and updated path mappings for optional attributes](/v1/docs/configure-scim#add-optional-attribute-mappings), if needed.
11. Click **Save Settings.**

#### Update path mappings to required attributes

For each Fullcast attribute you need to add the SCIM path which filters the required information from the SCIM response to synchronize the fields between Fullcast and your IdP.

> [!NOTE]
> Note
> 
> These attribute paths are required for Fullcast to synchronize with your IdP and cannot be changed.

1. In the **Identity Provider (IdP)** column, click the example paths and replace with the paths from your IdP, if different.

![Identity Provider mapping column highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(175).png)

#### Description of required attribute mappings

Refer to the following table for a description of the required attributes and mappings:

| Fullcast attribute name | Mapping description | Mapping example |
| --- | --- | --- |
| username | A unique identifier chosen by the user to log in to a system or application. | userName |
| email | The user's electronic mail address, typically used for communication and account recovery. | emails[primary eq true].value |
| given_name | The user's first name or forename. | name.givenName |
| family_name | The user's last name or surname. | name.familyName |

#### Add optional attribute mappings

You can add additional attribute mappings to include with the SCIM.

1. Click **Add Row**.
2. In the **Fullcast**column, click the new attribute and select the attribute you want to add from the dropdown.

![Fullcast optional attribute list highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(179).png)
3. In the I**dentity Provider (IdP)** column, click on the example path and replace with the path from your IdP.

![Identity Provider optional mapping highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(176).png)

#### **Description of optional attribute mappings**

Refer to the following table for a description of available attributes:

| Attribute name | Mapping description | Mapping example |
| --- | --- | --- |
| app_metadata.external_id | A unique identifier for the user within an external system or application. | externalId |
| blocked | A boolean (true/false) indicating whether the user's access or account is currently blocked. | active |
| nickname | An informal or alternative name used by the user. | nickName |
| name | The full name of the user. | displayName |
| picture | A URL or link to the user's profile picture or avatar. | photos[type eq "photo"].value |
| app_metadata.work_phone_number | The user's workplace phone number. | phoneNumbers[type eq "work"].value |
| app_metadata.home_phone_number | The user's personal or residential phone number. | phoneNumbers[type eq "home"].value |
| app_metadata.mobile_phone_number | The user's cellular phone number. | phoneNumbers[type eq "mobile"].value |
| app_metadata.street_address | The street component of the user's physical address. | addresses[type eq "work"].streetAddress |
| app_metadata.city | The city component of the user's physical address. | addresses[type eq "work"].locality |
| app_metadata.state | The state or province component of the user's physical address. | addresses[type eq "work"].region |
| app_metadata.postal_code | The zip code or postal code component of the user's physical address. | addresses[type eq "work"].postalCode |
| app_metadata.postal_address | A more complete or formatted version of the user's postal address. | addresses[type eq "work"].formatted |
| app_metadata.country | The country component of the user's physical address. | addresses[type eq "work"].country |
| app_metadata.profile_url | A URL or link to the user's public profile on a website or platform. | profileUrl |
| app_metadata.user_type | A categorization of the user (such as employee, customer, or administrator). | userType |
| app_metadata.title | The user's professional job title. | title |
| app_metadata.language | The user's preferred language. | preferredLanguage |
| app_metadata.locale | A specific geographical or cultural region associated with the user, often including language and regional preferences. | locale |
| app_metadata.timezone | The time zone in which the user is located. | timezone |
| app_metadata.entitlements | Specific permissions, licenses, or access rights granted to the user. | entitlements |
| app_metadata.roles | Defined sets of permissions or responsibilities assigned to the user within a system. | roles |
| app_metadata.employee_id | A unique identification number assigned to the user by their employer. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber |
| app_metadata.cost_center | A specific department or unit within an organization to which the user's costs are attributed. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.costCenter |
| app_metadata.organization | The name of the company or organization the user belongs to. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization |
| app_metadata.division | A larger organizational unit within a company. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.division |
| app_metadata.department | A specific functional team or group within an organization. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department |
| app_metadata.manager | The identifier (likely an ID or username) of the user's direct supervisor or manager. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager |

#### Remove optional attributes

1. Click **Delete**to remove optional attributes from the SCIM configuration.

![Delete option highlighted.](https://cdn.document360.io/369efcf7-66f9-4f6b-9d45-9ca24a5b06cf/Images/Documentation/image(178).png)

### Delete SCIM Configuration

If you delete the SCIM configuration it will permanently remove all SCIM paths and settings.

1. Click **Delete Configuration**.
2. In the **Delete SCIM Configuration** confirmation window, click **Delete**.
3. Click **Save Settings.**