Skip to main content
env zero now supports SCIM 2.0 (System for Cross-domain Identity Management), enabling your Identity Provider (IdP) to automatically provision and deprovision users. Instead of relying on login-time syncing, SCIM keeps your user directory in sync continuously - access is granted or revoked as soon as changes happen in your IdP.

What’s new

Automatic user provisioning and deprovisioning

  • Users are created in env zero as soon as they are assigned in your IdP
  • When a user is removed or deactivated in your IdP, their access to env zero is revoked immediately
  • No manual user management required - your IdP is the single source of truth

Self-service setup from the UI

  • Configure SCIM directly from Organization Settings > SSO after setting up an SSO connection
  • Generate a SCIM bearer token and endpoint URL with a single click
  • Works alongside your existing SAML or Azure AD SSO configuration

Supported identity providers

  • Okta - native SCIM 2.0 integration
  • Microsoft Entra ID (Azure AD) - native SCIM 2.0 integration
  • Any identity provider that supports the SCIM 2.0 standard

Why this matters

  • Security and compliance - user access is revoked the moment they leave the organization, with no manual cleanup needed
  • Operational efficiency - eliminate manual user provisioning across your infrastructure platform
  • Auditability - deprovisioning events are logged in the audit trail

How to get started

  1. Ensure you have an SSO connection configured (SAML or Azure AD)
  2. Navigate to Organization Settings > SSO
  3. In the SCIM Provisioning section, click Generate SCIM Token
  4. Copy the endpoint URL and bearer token into your identity provider’s SCIM configuration
Learn more in the SCIM Provisioning documentation.