InVision Cloud V7: SCIM Provisioning
This article provides answers for InVision Cloud V7 only. Not sure which version you're using? Find out now.
To streamline account management as members join or leave an organization, InVision supports automated provisioning and deprovisioning via SCIM (System for Cross-domain Identity Management). If your organization has an InVision Cloud V7 Enterprise plan, an account owner can use our SCIM API to configure SCIM in your IdP (Identity Provider) and more easily manage user access to your InVision Enterprise.
Currently, InVision Cloud V7 supports SCIM provisioning via Okta, and we are now working toward SCIM support for OneLogin and Azure. If your Enterprise wants to implement SCIM provisioning via a different IdP, please reach out to InVision Support.
What can you do with SCIM provisioning?
Setting up SCIM provisioning lets an Enterprise owner automate 3 key aspects of your member management:
- Import your InVision Enterprise members into your IdP: Importing your members into your IdP provides an initial sync between the two systems. You can then tie each member's InVision account to the corresponding IdP account or create a new account in your IdP for any member of your InVision Enterprise team who needs one.
- Add new members to your InVision Enterprise: Assigning a new user access to InVision in your IdP will automatically create an InVision account for that user.
Currently, each new addition to your Invision Enterprise team will be assigned the member role
- Deprovision members of your InVision Enterprise: If a member of your Enterprise leaves your organization, deprovisioning (i.e., deactivating) them via your IdP's SCIM will remove them from your Enterprise team.
If an Enterprise owner deactivates a user via SCIM, the user will be removed from the team on InVision and will no longer be able to sign in to the team; however, that user's data will remain available as an inactive user
on InVision. To permanently delete a team member's user data, contact InVision Support
Reactivating a removed user via SCIM will re-add the user to the team on InVision with the user's role set to member
by default, and the user will automatically regain access to the same spaces and documents they had previously.
If your Enterprise has not moved to Cloud V7 but you want to try SCIM, please reach out to [email protected] for more information.
Enabling SCIM provisioning in Cloud V7
Before you start, you’ll need to set up SAML for your InVision Cloud V7 team.
To enable SCIM provisioning for your Cloud V7 Enterprise, an owner must complete these steps:
- Sign in to Cloud V7 and click Team in the main navigation.
- Just below your Enterprise team name, click the Settings tab.
- Click the User provisioning with SCIM button.
- Toggle the Enable SCIM provisioning switch on, and then click Update.
- Save the URL provided in the SCIM API URL field (for a necessary step when configuring your IdP to allow SCIM provisioning for InVision, as seen in the instructional articles linked below).
- Copy the token in the Authentication token field to your clipboard (also for a necessary step when configuring your IdP to allow SCIM provisioning for InVision).
- Click Done.
Learning more about SCIM provisioning for InVision Cloud V7
To learn more about SCIM provisioning for Cloud V7, see these related articles: