> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation.
>
> - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install <auth-type>@scalekit-auth-stack`
> - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install <auth-type>@scalekit-auth-stack`
> - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `<auth-type>`
> - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill <skill-name>`
>
> `<auth-type>` / `<skill-name>`: `agent-auth`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/)

---

# Set up SCIM connection

Scalekit supports user provisioning based on the [SCIM protocol](/directory/guides/user-provisioning-basics/). This allows your customers to manage their users automatically through directory providers, simplifying user access and revocation to your app when their employees join or leave an organization.

By configuring their directory provider with your app via the Scalekit admin portal, customers can ensure seamless user management.

1. ## Enable SCIM provisioning for the organization

    The SCIM provisioning feature should be enabled for that particular organization. You can manually do this via the Scalekit dashboard > organization > overview. The other way, is to provide an option in your app so that organization admins (customers) can enable it within your app.

    Here's how you can do that with Scalekit. Use the following SDK method to enable SCIM provisioning for the organization:

    ```javascript title="Enable SCIM" showLineNumbers=false
    const settings = {
      features: [
        {
          name: 'scim',
          enabled: true,
        }
      ],
    };

    await scalekit.organization.updateOrganizationSettings(
      '<organization_id>', // Get this from the idToken or accessToken
      settings
    );
    ```
    ```python title="Enable SCIM" showLineNumbers=false
    settings = [
        {
            "name": "scim",
            "enabled": True
        }
    ]

    scalekit.organization.update_organization_settings(
        organization_id='<organization_id>',  # Get this from the idToken or accessToken
        settings=settings
    )
    ```
    ```java title="Enable SCIM" showLineNumbers=false
    OrganizationSettingsFeature featureSCIM = OrganizationSettingsFeature.newBuilder()
            .setName("scim")
            .setEnabled(true)
            .build();

    updatedOrganization = scalekitClient.organizations()
            .updateOrganizationSettings(organizationId, List.of(featureSCIM));
    ```
    ```go title="Enable SCIM" showLineNumbers=false
    settings := OrganizationSettings{
        Features: []Feature{
            {
                Name:    "scim",
                Enabled: true,
            },
        },
    }

    organization, err := sc.Organization().UpdateOrganizationSettings(ctx, organizationId, settings)
    if err != nil {
        // Handle error
    }
    ```
    Alternatively, enable SCIM provisioning from the Scalekit dashboard: navigate to Organizations, open the menu (⋯) for an organization, and check SCIM provisioning.

2. ## Enable admin portal for enterprise customer onboarding

    After SCIM provisioning is enabled for that organization, provide a method for configuring a SCIM connection with the organization's identity provider.

    Scalekit offers two primary approaches:
    - Generate a link to the admin portal from the Scalekit dashboard and share it with organization admins via your usual channels.
    - Or embed the admin portal in your application in an inline frame so administrators can configure their IdP without leaving your app.

    [See how to onboard enterprise customers](/directory/guides/onboard-enterprise-customers/)

3. ## Test your SCIM integration

    To verify that SCIM provisioning is working correctly, create a new user in the directory provider and confirm that it is automatically created in the Scalekit organization's user list.

    To programmatically list the connected directories in your app, use the following SDK methods:

    ```javascript title="List connected directories" showLineNumbers=false
    const { directories } = await scalekit.directory.listDirectories('<organization_id>');
    ```
    ```python title="List connected directories" showLineNumbers=false
    directories = scalekit_client.directory.list_directories(organization_id='<organization_id>')
    ```
    ```java title="List connected directories" showLineNumbers=false
    ListDirectoriesResponse response = scalekitClient.directories().listDirectories(organizationId);
    ```
    ```go title="List connected directories" showLineNumbers=false
    directories, err := sc.Directory().ListDirectories(ctx, organizationId)
    ```
    The response will be a list of connected directories, similar to the following:

    ```json title="List connected directories response" showLineNumbers=false frame="terminal"
    {
      "directories": [
        {
          "attribute_mappings": {
            "attributes": []
          },
          "directory_endpoint": "https://yourapp.scalekit.com/api/v1/directoies/dir_123212312/scim/v2",
          "directory_provider": "OKTA",
          "directory_type": "SCIM",
          "email": "john.doe@scalekit.cloud",
          "enabled": true,
          "groups_tracked": "ALL",
          "id": "dir_121312434123312",
          "last_synced_at": "2024-10-01T00:00:00Z",
          "name": "Azure AD",
          "organization_id": "org_121312434123312",
          "role_assignments": {
            "assignments": [
              {
                "group_id": "dirgroup_121312434123",
                "role_name": "string"
              }
            ]
          },
          "secrets": [
            {
              "create_time": "2024-10-01T00:00:00Z",
              "directory_id": "dir_12362474900684814",
              "expire_time": "2025-10-01T00:00:00Z",
              "id": "string",
              "last_used_time": "2024-10-01T00:00:00Z",
              "secret_suffix": "Nzg5",
              "status": "INACTIVE"
            }
          ],
          "stats": {
            "group_updated_at": "2024-10-01T00:00:00Z",
            "total_groups": 10,
            "total_users": 10,
            "user_updated_at": "2024-10-01T00:00:00Z"
          },
          "status": "IN_PROGRESS",
          "total_groups": 10,
          "total_users": 10
        }
      ]
    }
    ```
4. ## Enterprise users are now automatically provisioned your app

   Scalekit automatically provisions and synchronizes users from the directory provider to your application. The organization administrator configures the synchronization frequency within their directory provider console.

   To retrieve a list of all provisioned users, use the [Directory API](https://docs.scalekit.com/apis/#tag/directory/GET/api/v1/organizations/{organization_id}/directories/{directory_id}/users).

---

## More Scalekit documentation

| Resource | What it contains | When to use it |
|----------|-----------------|----------------|
| [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content |
| [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas |
| [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |