SCIM Provisioning for InVision V7

Which version of InVision are you on? This article provides answers for InVision V7 only. Not sure which version you're using? Check the upper-right corner of your account dropdown. Don't see the V7 tag? You're on V6.

To streamline account management as people join or leave an organization, InVision supports automated provisioning and deprovisioning via SCIM (System for Cross-domain Identity Management). If your organization has an InVision V7 Enterprise plan, an account owner or admin can use our SCIM API to configure SCIM in your IdP (Identity Provider) and more easily manage user access to your InVision Enterprise.

What can you do with SCIM provisioning?

Setting up SCIM provisioning lets an Enterprise owner or admin automate 3 key aspects of your member management:

• Import your InVision Enterprise members into your IdP: Importing your members into your IdP provides an initial sync between the two systems. You can then tie each member's InVision account to the corresponding IdP account or create a new account in your IdP for any member of your InVision Enterprise team who needs one.
• Add new members to your InVision Enterprise:Assigning a new user access to InVision in your IdP will automatically create an InVision account for that user.
  Currently, each new addition to your Invision Enterprise team will be assigned the team member role by default.
• Deprovision members of your InVision Enterprise:If a member of your Enterprise leaves your organization, deprovisioning (i.e., deactivating) them via your IdP's SCIM will remove them from your Enterprise team.

  Warning: If an Enterprise owner or admin deactivates a user via SCIM, the user will be removed from the team on InVision and will no longer be able to sign in to the team; however, that user's data will remain available as an inactive user on InVision. To permanently delete a team member's user data, contact InVision Support.
  
  Reactivating a removed user via SCIM will re-add the user to the team on InVision with the user's role set to member by default, and the user will automatically regain access to the same spaces and documents they had previously.

If your Enterprise has not moved to InVision V7 but you want to try SCIM, please contact InVision Support for more information.

Enabling SCIM provisioning in InVision V7

Before you start, you’ll need to set up SAML for your InVision V7 team.

To enable SCIM provisioning for your InVision V7 Enterprise, an owner or admin must complete these steps:

1. Sign in to your InVision Enterprise here: your-team-name.invisionapp.com
2. In the lower-left corner, click the [Your Team Name] dropdown, and then click People & Team settings.
3. Just below your Enterprise team name, click the Settings tab.
4. Click the User provisioning with SCIM button.
5. Toggle the Enable SCIM provisioning switch on, and then click Update.
6. Save the URL provided in the SCIM API URLfield (for a necessary step when configuring your IdP to allow SCIM provisioning for InVision, as seen in the instructional articles linked below).
   • For OneLogin, save just the subdomain: your—team—name
   • For Okta, save just the base URL: https://your—team—name.invisionapp.com
   • For Azure, save the complete URL: https://your—team—name.invisionapp.com/scim/v2
7. Copy the token in the Authentication token field to your clipboard (also for a necessary step when configuring your IdP to allow SCIM provisioning for InVision).
8. Click Done.

   

Learning more about SCIM provisioning for InVision V7

To learn more about SCIM provisioning for InVision V7, see these related articles:

• Configuring Okta to Allow SCIM Provisioning for InVision
• Configuring OneLogin to Allow Provisioning for InVision
• Configuring Microsoft Azure to Allow Provisioning for InVision V7
• Provisioning and Deprovisioning Enterprise Members via Okta’s SCIM
• How can I check if provisioning or deprovisioning a member of my Enterprise failed?
• Why can’t I see the authentication token in my SCIM settings?