SCIM Provisioning

Optimaite supports the SCIM 2.0 protocol for automated user group provisioning. This allows identity providers like Azure Active Directory, Okta, and OneLogin to manage group membership directly in your Optimaite workspace.

Endpoint

GET/POST/PUT/PATCH /api/auth/scim/v2/Groups
GET/PUT/PATCH/DELETE /api/auth/scim/v2/Groups/{id}

Authentication

SCIM requests are authenticated using a Bearer token issued by Optimaite specifically for your SCIM integration.

Authorization: Bearer <scim-token>

Supported Operations

List Groups

GET /api/auth/scim/v2/Groups

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 3,
  "Resources": [
    {
      "id": "grp_01ABCDEFG",
      "displayName": "Legal Team",
      "members": [{ "value": "usr_01ABCDEF", "display": "Jane Doe" }]
    }
  ]
}

Create / Update / Delete Groups

Standard SCIM v2 operations: POST to create, PUT to replace, PATCH for partial updates, DELETE to remove.

Setup Guides

Azure AD

1. Go to Enterprise Applications and add Optimaite
2. Navigate to Provisioning and set the mode to Automatic
3. Enter the Tenant URL: https://app.optimaite.eu/api/auth/scim/v2/Groups
4. Enter the Secret Token provided by Optimaite
5. Click Test Connection, then save and start provisioning

Okta

1. Go to Applications > Browse App Catalog and search for Optimaite
2. Add the application and navigate to the Provisioning tab
3. Set the SCIM connector base URL to: https://app.optimaite.eu/api/auth/scim/v2
4. Enter the Bearer Token provided by Optimaite
5. Enable Push Groups and select groups to sync

Supported Features

Feature	Supported
Group CRUD	Yes
Group membership sync	Yes
User creation via SCIM	No (users must exist in Optimaite first)
Filtering	Basic (displayName eq "...")
Pagination	Yes
Bulk operations	No

Next Steps

• Document Ingestion -- Inbound webhooks
• Audit Export -- Outbound audit events