SCIM Directory Sync
Available on: Enterprise Edition>= 0.18.0
Sync users and groups from your Identity Provider to Kestra using SCIM.
What is SCIM
SCIM (System for Cross-domain Identity Management) is an open standard protocol designed to facilitate user identity management across multiple systems.
It simplifies user provisioning, de-provisioning, and group synchronization between identity providers (IdPs) such as Microsoft Entra ID or Okta, and service providers (SPs) such as Kestra. In Layman's terms, SCIM allows you to automatically keep your users and groups in sync between your IdP and Kestra.
Kestra relies explicitly on the SCIM 2.0 protocol for directory synchronization.
Benefits of a Directory Sync with SCIM
- Automated provisioning and de-provisioning: SCIM allows you to automate provisioning and de-provisioning of users, creating a single source of truth (SSOT) of the user identity data. Instead of manually creating and managing users in Kestra, you can sync them from your IdP.
- Consistency and compliance: with SCIM, you can ensure consistency of identity information across systems and stay compliant with security and regulatory requirements.
- Governance at scale: managing users at scale across many applications can be difficult without a standardized method for identity synchronization. SCIM provides a scalable solution for managing user identities.
Supported Identity Providers
For a detailed guide on how to set up SCIM provisioning with a specific IdP, refer to the documentation for the respective provider.
authentik SCIM Provisioning
Sync Users and Groups from authentik to Kestra using SCIM.
Keycloak SCIM Provisioning
Sync Users and Groups from Keycloak to Kestra using SCIM.
Microsoft Entra ID SCIM Provisioning
Sync Users and Groups from Microsoft Entra ID to Kestra using SCIM.
Okta SCIM Provisioning
Sync Users and Groups from Okta to Kestra using SCIM.
Was this page helpful?