Available for: Enterprise plan
Set up by: Company-level admin
System for Cross-domain Identity Management, also known as SCIM, provides automated provisioning and user management for Miro Enterprise accounts through your Identity Provider (IdP).
SAML based SSO must be properly set up and be functional in your Enterprise account before you start configuring automated provisioning. See the guide to configuring SAML SSO.
💡 The SCIM changes are primarily applied to newly assigned users. The status of those who are already under your subscription will be supplemented but not overwritten (for instance, if a user is a member of Team1 on the Miro side and your IDP pushes the data to add them to Team2, their status in Team1 remains unaffected). See below for the supported changes.
The following provisioning features are supported:
- Push new users
New users assigned to Miro application in IdP will also be created in your Miro Enterprise account as Members.
- Push user profile updates
Any updates to user's first name or last name or display name will also be pushed to their profiles in Miro
- Push groups
Groups and their members can be pushed to your Miro Enterprise account. Use it to automatically manage user membership in Miro teams.
- Deactivate users
Deactivating a user or disabling a user's access to the application through IdP will deactivate the user in your Miro Enterprise account.
- Reactivate users
User profiles can be reactivated in your Miro Enterprise account.
The following features are not supported:
- Create and delete groups
- Update passwords and primary email
- Miro SCIM API does not create new teams in Miro, so all assigned groups should exist in your Miro account as teams before linking. Miro SCIM API matches groups and Miro teams by names.
All users of assigned groups will be automatically treated as assigned users and will be provisioned to corresponding teams in Miro.
- Users assigned to the application without being added to a group will be provisioned to your Miro Enterprise account but won't be added to any teams (they will get the Non-team user role) and, as a result, they won't be able to see any boards. You can still add such users to a team through the Active Users page in Miro.
- All users provisioned under SCIM are assigned the default license of your subscription (a full license if you do not user Day passes, or an occasional license if you do). If your subscription runs out of licenses the users start getting provisioned under the Free Restricted license.
Step 1: Enable SCIM option in Miro
To enable SCIM for your Miro Enterprise account, go to the Settings > Security, enable the SCIM Provisioning feature. There you can get the Base URL and the API Token for configuring your IdP.
Step 2: Configure your Identity Provider
The setup will depend on the Identity Provider you use. Miro supports preconfigured Okta and Azure AD however you can use any Identity Provider of your choice for as long as it allows setting up SCIM.
OKTA - see the setup instruction here.
Azure AD- see the setup instruction here.
For more information please reach out to firstname.lastname@example.org.