What is SCIM provisioning?
SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning. It communicates user identity data between identity providers and service providers requiring user identity information (e.g. Tresorit).
Currently, Tresorit offers SCIM integrations with two providers: Azure Active Directory and Okta.
Why enable SSO for Tresorit?
With provisioning the IT administrators of a company are enabled to manage access permissions from a central hub, namely their identity provider. It adds extra security and reduces the manual tasks of user management.
You can integrate Tresorit with your identity provider on a self-service basis through your provider’s dashboard. The next step is activating provisioning in Tresorit’s Admin Center.
Technical considerations when using Tresorit's provisioning integration
- Newly provisioned users will be automatically assigned to the Default policy template that you can configure in Tresorit Admin Center.
- Updating the user’s name does not have any effect on the Tresorit user. The name provided at registration will be in use.
- In case you change the status of SCIM managed user to Suspended on the Tresorit Admin Center UI it won’t effect their ‘active' attribute in your provisioning application
- Email address of the provisioned Tresorit user cannot be changed in the identity provider. Email address is used as an identifier in Tresorit.
Email domain verification
Although it is not required, we do recommend verifying your email domain for better control over your users. The guide for this feature: How to verify your email domain
📝 Note: Using the Add to subscription automatically option for a verified domain can result in users being added to your subscription outside SCIM provisioning. If you set up provisioning, we recommend setting either Invite only registration or Do not add to subscription for your verified domain.
Still have questions left? Drop us a line