You can synchronize users or groups from an external identity provider (IdP) that supports System for Cross-domain Identity Management (SCIM) 2.0 to CloudSSO. This topic describes how to enable or disable SCIM synchronization in the CloudSSO console.

Enable SCIM synchronization

You can synchronize users or groups from an external IdP to CloudSSO only after SCIM synchronization is enabled.

You also need to create SCIM credentials for the synchronization. For more information about how to create SCIM credentials, see Create SCIM credentials.

  1. Log on to the CloudSSO console.
  2. In the left-side navigation pane, click Settings.
  3. In the User Synchronization Configuration section of the Settings page, turn on SCIM Synchronization Disabled. After you turn on the switch, SCIM synchronization is enabled.

After you enable SCIM synchronization, you cannot modify or delete the users and groups that are synchronized to CloudSSO by using SCIM. You cannot add users to or remove users from the groups that are synchronized to CloudSSO.

Disable SCIM synchronization

In the User Synchronization Configuration section of the Settings page, turn off SCIM Synchronization Enabled. After you turn off the switch, SCIM synchronization is disabled.

The following list describes the impacts after SCIM synchronization is disabled:

  • You cannot synchronize users or groups from an external IdP to CloudSSO.
  • You can modify or delete the users or groups that are synchronized to CloudSSO by using SCIM.
    Note If you enable SCIM synchronization after it is disabled, the modifications on the synchronized users or groups may be automatically rolled back, and the deleted synchronized users may appear in the CloudSSO console again.