Introduction
SCIM is available exclusively for Enterprise customers. Contact our sales team at sales@replit.com to enable this feature for your organization.
Key Features
Automated User Management
Automatically provision and deprovision users based on your IdP’s directory
Role Synchronization
Keep user roles and permissions in sync with your organizational structure
Bulk Operations
Efficiently manage large teams with bulk user operations
Major IdP Support
Direct integration with Azure AD, Okta, and other leading identity providers
Benefits
SCIM integration provides several advantages for Enterprise teams:- Enhanced Security: Leverage your existing identity management systems for robust access control
- Simplified Administration: Automatically manage team members through your identity provider
- Efficient Onboarding: Seamlessly provision large teams without manual intervention
- Consistent Access Control: Maintain uniform access policies across your organization
Getting Started
Enable SCIM
Go to your Organization Settings > Authentication tab to enable SCIM for your Enterprise organization
Configure Your IdP
Access the SCIM onboarding portal directly from the Authentication settings page. The onboarding portal provides step-by-step instructions specific to your identity provider for synchronizing your user directory
Best Practices
- Document role allocations for existing Replit users before enabling SCIM
- Configure groups for each Replit role, keeping in mind that users without a group will default to the Viewer role
- Test your configuration by provisioning a small group of users before enabling bulk provisioning
- After initial sync, review and configure permissions for custom groups based on your organization’s access control needs
- Dedicate role-control groups to control access levels of provisioned users in Replit and use other push groups for user categorization and bulk permission management
- Document your SCIM configuration for future reference
Role Assignment
All provisioned accounts are created in your Replit organization as “Viewers”, which grants the most limited set of permissions and no ability to create apps. You can bulk edit member roles within your organization by selecting “Assign roles” in your SCIM portal and specifying which role to assign to each push group. For example, you can use this to assign the “Admin” role to the synced “Managers” group, and the “Guest” role to the synced “Contractors” group. To learn more about viewer access, see Viewer Seats.Group Synchronization
All pushed groups from your IdP will be synchronized to Replit with the same members. For example, if you start pushing an “Engineering” group via SCIM, a corresponding “Engineering” group will be created in Replit that includes the same members. Group membership will be automatically updated to reflect the group membership in your IdP. You can use these synchronized groups for bulk editing member permissions, such as sharing an app with everyone in the “Engineering” group. For detailed information about groups, see Groups & Permissions.FAQs
What happens to users who already have accounts on replit.com before SCIM was setup?
When SCIM is enabled, existing users are handled in two ways:-
Users provisioned through SCIM:
- Their roles will be updated to match those provided by your IdP
- These users can only be added, removed, or have their roles changed through your IdP
- To ensure permissions remain synchronized, admins will no longer be able to edit roles or invite new users within Replit
-
Users not provisioned through SCIM:
- These users remain unchanged and are considered “legacy” users
- Access is not automatically revoked to prevent accidental deprovisioning
- Legacy users can be removed through the Replit interface by organization admins if needed
What roles can be provisioned with SCIM?
SCIM users can be assigned to three roles:- Admin: Full access to organization settings and resources
- Member: Standard access to create and edit Replit Apps
- Viewer: Read-only access to published applications