SCIM Provisioning for InVision V6
This article provides information on an open beta feature for InVision V6 Enterprise teams.
InVision V6 now offers support for SCIM provisioning via Okta, OneLogin, and Azure. If you haven't implemented SCIM provisioning for your Enterprise, please reach out to your Customer Success Manager to get rolling while the feature is in open beta.
To streamline account management as people join or leave an organization, InVision supports automated provisioning and deprovisioning via SCIM (System for Cross-domain Identity Management). If your organization has an InVision V6 Enterprise plan, an account owner or admin can use our SCIM API to configure SCIM in your IdP (Identity Provider) and more easily manage user access to your InVision Enterprise.
What can you do with SCIM provisioning?
Setting up SCIM provisioning lets an Enterprise owner or admin automate 3 key aspects of your member management:
- Import your InVision Enterprise members into your IdP: Importing your members into your IdP provides an initial sync between the two systems. You can then tie each member's InVision account to the corresponding IdP account or create a new account in your IdP for any member of your InVision Enterprise team who needs one.
- Add new members to your InVision Enterprise: Assigning a new user access to InVision in your IdP will automatically create an InVision account for that user.
Currently, each new addition to your Invision Enterprise team will be assigned the team member role
- Deprovision members of your InVision Enterprise: If a member of your Enterprise leaves your organization, deprovisioning (i.e., deactivating) them via your IdP's SCIM will remove them from your Enterprise team.
If an Enterprise owner or admin deactivates a user via SCIM, the user will be removed from the team on InVision and will no longer be able to sign in to the team; however, that user's data will remain available as an inactive user
on InVision. To permanently delete a team member's user data, contact InVision Support
Reactivating a removed user via SCIM will re-add the user to the team on InVision with the user's role set to member
by default, and the user will automatically regain access to the same spaces and documents they had previously.
Enabling SCIM provisioning in InVision V6
Before you start, you’ll need to set up SAML for your InVision V6 team.
To enable SCIM provisioning for your InVision V6 Enterprise, an owner or admin must complete these steps:
- Sign in to your InVision Enterprise here:
- At the top of the page, click People.
- To the right of the Teams tab, click the ••• (more) icon and click SCIM Provisioning.
- Toggle the Enable SCIM provisioning radio button on.
- Save the URL provided in the SCIM API URL field (for a necessary step when configuring your IdP to allow SCIM provisioning for InVision, as seen in the instructional articles linked below).
- Copy the token in the Authentication token field to your clipboard (also for a necessary step when configuring your IdP to allow SCIM provisioning for InVision).
The part of the URL you need to copy during step 5 above depends on which IdP you use:
- OneLogin requires just the subdomain:
- Okta requires just the base URL:
- Azure requires the complete URL:
After completing the steps above, you're ready to configure your IdP to enable SCIM provisioning:
Additional SCIM provisioning guides for InVision V6
To learn more about SCIM provisioning for InVision V6, see these related articles: