SCIM Provisioning for InVision V6
  • 30 Jan 2023
  • 3 Minutes to read
  • Dark
    Light

SCIM Provisioning for InVision V6

  • Dark
    Light

Article Summary

This article provides information on an open beta feature for InVision V6 Enterprise teams.

InVision V6 now offers support for SCIM provisioning via Okta, OneLogin, and Azure. If you haven't implemented SCIM provisioning for your Enterprise, please reach out to your Customer Success Manager to get rolling while the feature is in open beta.

To streamline account management as people join or leave an organization, InVision supports automated provisioning and deprovisioning via SCIM (System for Cross-domain Identity Management). If your organization has an InVision V6 Enterprise plan, an account owner or admin can use our SCIM API to configure SCIM in your IdP (Identity Provider) and more easily manage user access to your InVision Enterprise.

What can you do with SCIM provisioning?

Setting up SCIM provisioning lets an Enterprise owner or admin automate 3 key aspects of your member management:

  • Import your InVision Enterprise members into your IdP: Importing your members into your IdP provides an initial sync between the two systems. You can then tie each member's InVision account to the corresponding IdP account or create a new account in your IdP for any member of your InVision Enterprise who needs one.
  • Add new members to your InVision Enterprise: Assigning a new user access to InVision in your IdP will automatically create an InVision account for that user. Currently, each new addition to your Invision Enterprise team will be assigned the contributor role by default.
  • Deprovision members of your InVision Enterprise:If a member of your Enterprise leaves your organization, deprovisioning (i.e., deactivating) them via your IdP's SCIM will remove them from your Enterprise team.

    Warning: If an Enterprise owner or admin deactivates a user via SCIM, the user will be removed from the team on InVision and will no longer be able to sign in to the team; however, that user's data will remain available as an inactive user on InVision. To permanently delete a team member's user data, contact InVision Support.

    Reactivating a removed user via SCIM will re-add the user to the team on InVision with the user's role set to contributor by default; however, the user will not regain access to any spaces and documents they had previously belonged to. They will need to be manually invited to each space and document. 

Enabling SCIM provisioning in InVision V6

Before you start, you’ll need to set up SAML for your InVision V6 team.

To enable SCIM provisioning for your InVision V6 Enterprise, an owner or admin must complete these steps:

  1. Sign in to your InVision Enterprise here: your-team-name.invisionapp.com
  2. At the top of the page, click People.
  3. To the right of the Teams tab, click the ••• (more) icon and click SCIM Provisioning.
  4. Toggle the Enable SCIM provisioning radio button on.
  5. Save the URL provided in the SCIM API URLfield for the IdP you want to use (for a necessary step when configuring your IdP to allow SCIM provisioning for InVision, as seen in the instructional articles linked below).
    • For OneLogin, save just the subdomain: your—team—name
    • For Okta, save just the base URL: https://your—team—name.invisionapp.com
    • For Azure, save the complete URL: https://your—team—name.invisionapp.com/scim/v2
  6. Copy the token in the Authentication token field to your clipboard (also for a necessary step when configuring your IdP to allow SCIM provisioning for InVision).

After completing the steps above, you're ready to configure your IdP to enable SCIM provisioning. Click a link below to get started:

Additional SCIM provisioning guides for InVision V6

To learn more about SCIM provisioning for InVision V6, see these related articles:


Was this article helpful?