How to set up and manage SCIM

Updated

Learn how to set up and manage SCIM for your organization to automate user provisioning, streamline access control, and enhance security with seamless data synchronization between your platform and identity providers.

SCIM is available on Kahoot! Enterprise (Standard, Pro, and Premium) and Kahoot! EDU (Pro and Premium) plans.

Shortcuts:

How to set up SCIM

SCIM (System for Cross-domain Identity Management) gives your organization full control over user access by automating provisioning and deprovisioning. This eliminates manual work, boosts security, and ensures accurate user data across systems.

To set up SCIM, follow these steps:

  1. Contact your Account Manager in order to have API access and roles enabled for your organization.
  2. Log in to your account as the Organization Owner and click on your profile icon in the top-right corner of the screen.
     
  3. Navigate to Team settings and then Configurations, and find SSO and SCIM Management.
     
  4. Click “Start setup” to begin the process.
     

  5. Follow the prompts and proceed to the next step.

     

  6. Under Identity Provider (IdP) Settings, choose your vendor (e.g., Okta, Azure)

  7. Select your SSO type. You’ll have two options:

    a. If you choose OIDC (OpenID Connect): 
    You’ll be prompted to enter the following details:
    - Client ID
    - Client secret
    - Discovery URL


    b. If you choose SAML:

    Instead of entering client credentials, you’ll be asked to provide your SAML metadata URL (labeled as “SAML entity”).

  8. Select your Organization Type and click Continue.
     

    If you’re setting up only SSO

    1. Click Skip this step to proceed without SCIM. 
    2. Share the invitation link with team members so they can log in via SSO and join your organization.
    3. Copy the metadata link and paste it into your Identity Provider (IdP) settings.


     

    If you’re setting up both SSO and SCIM

    1. Click Generate SCIM Token
    2. Copy the SCIM token and send it to your IT department. They’ll use it to integrate SCIM with your Identity Provider. 
    3. Copy the metadata link and paste it into your Identity Provider (IdP) settings.

  9. Once done, SSO & SCIM are successfully set up and ready to manage user access automatically.

This setup ensures a secure, automated approach to managing employee access and keeps your organization compliant and efficient.

How to edit SCIM

If your identity provider settings have changed, you can update them under SCIM Management. Any edits made to the existing connection will require reauthorization with the updated credentials.

Here’s how to do it:

  1. Log in to your account as the Organization Owner.
     
  2. Click your profile icon in the top-right corner of the screen to open the menu.
     
  3. Go to Configurations and locate SSO and SCIM Management.
     
  4. Click the pencil icon next to the existing SCIM connection to begin editing.

     
  5. A panel with your current IdP connection details will appear. Click the Edit button to make changes.

    Need the metadata link?
    If you didn’t copy the metadata link during your initial setup, you can still access it from this editing panel. Simply copy it and paste it into your Identity Provider settings to ensure proper configuration.
     
📌  Note: Once you edit the current connection, it will become invalid. You must share the updated credentials with your IT department to re-establish the SCIM connection.
  1. After updating the necessary fields (e.g., Client ID, Client Secret, or Discovery URL), click Save to confirm your changes.

FAQ

1. Who can set up SCIM in our organization? Only users with the Organization Owner role have the necessary permissions to access and configure SCIM settings.
 

2. Is SCIM configuration mandatory if we already use SSO?
No, setting up SCIM is not mandatory. If your organization only requires Single Sign-On (SSO) for secure login, you can enable SSO without configuring SCIM. SCIM is useful for automating user provisioning and deprovisioning, but it's entirely optional. If your company’s infrastructure doesn’t support SCIM or you prefer to manage users manually, you can still maintain secure access with SSO alone.
 

3. What do I need to start setting up SCIM? You will need:

  • API access enabled for your organization
  • Credentials from your Identity Provider (Client ID, Client Secret, Discovery URL or SAML Entity)
  • Access to SSO and SCIM Management in your account settings.
     

4. What should I do if I can’t proceed with the setup? If API access is not enabled, or you encounter an error, please contact your Account Manager for support.
 

5. What is a SCIM Token and when do I need it? The SCIM Token is a secure key used to link your SCIM integration with your identity provider. It’s required in some configurations and optional in others, depending on your IdP setup.
 

6. Where do I send the SCIM Token once it’s generated? Send the token to your IT department. They’ll use it to complete the configuration on your identity provider’s side.
 

7. Can I edit SCIM settings after the setup is complete? Yes. Go to SSO and SCIM Management, click the pencil icon, and edit your connection. Note: Editing will invalidate the current setup. Be sure to share updated credentials with your IT team.
 

8. What happens if I enter incorrect credentials during setup? The connection will fail. Double-check your Client ID, Client Secret, and Discovery URL or SAML details and correct any errors. You can go back and edit them anytime.
 

9. Can I delete the SCIM integration if needed? Yes. Click the trash bin icon in your SCIM settings and confirm deletion to remove the connection completely.

Related articles

Kahoot!

Related articles

Kahoot!

0 comments

Please sign in to leave a comment.