User Administration

Pushing user and group information using SCIM 2.0

When you use SAML SSO for authentication and authorization and the identity provider is Okta or Azure Active Directory, you can choose to push user and group information to Informatica Intelligent Cloud Services using SCIM 2.0. To do this, enable the Enable IdP to push users/groups using SCIM 2.0 option on the SAML Setup page.

Enabling this option allows the identity provider to push user and group information at regular intervals to provision new users, delete users, and keep each user's SAML groups and roles in sync with their Informatica Intelligent Cloud Services user roles. In this case, auto-provisioning of users is disabled because users are provisioned through SCIM. You can also create users manually in Administrator.

Informatica Intelligent Cloud Services hosts SCIM endpoints that the identity provider can use to perform certain operations in Informatica Intelligent Cloud Services. These operations include creating and deactivating users, creating and deleting user groups, adding and removing users from groups, and updating user attributes.

To access the SCIM endpoints, you must create a provisioning app as a SCIM client in Azure Active Directory or Okta. No special privileges are needed to access the SCIM endpoints. When you create the app, you must provide the token that you generate on the SAML Setup page. The SCIM token is valid for six months from the time of generation.

For information about setting up SCIM 2.0 and creating the provisioning app, see the following H2L articles on Informatica Network:

When you enable SCIM provisioning, additional user attributes such as Display Name, Employee Number, Organization, Division, and Department are also pushed to Informatica Intelligent Cloud Services. You must map these attributes on the SAML Setup page. You can view these attributes for each user on the user details page.

User and group information for individual users is also passed in the SAML token during single sign-on. As a result, if a user's SAML roles, groups, or attributes change, Informatica Intelligent Cloud Services updates the user information when the user signs on.
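The SCIM operations listed above, as an added Python example (not Informatica's code) that labels provisioning requests the way you might when auditing what a provisioning app sends. It assumes standard RFC 7644 `/Users` and `/Groups` paths relative to a SCIM base URL that this page does not give; the function names and sample requests are constructed for illustration.

```python
"""Label SCIM 2.0 (RFC 7644) provisioning requests with the operation performed."""

def _is_false(value):
    # Some identity providers send the boolean as the string "False".
    return value is False or str(value).lower() == "false"

def _patch_op(resource, op):
    kind = str(op.get("op", "")).lower()   # op names are case-insensitive
    path = str(op.get("path", "")).lower()
    value = op.get("value")
    if resource == "Groups" and path.startswith("members"):
        return {"add": "add user to group",
                "remove": "remove user from group"}.get(kind, "unknown")
    if resource == "Users" and kind in ("add", "replace"):
        if not path and isinstance(value, dict) and "active" in value:
            path, value = "active", value["active"]   # path-less form
        if path == "active":
            return "deactivate user" if _is_false(value) else "activate user"
        return "update user attributes"
    return "unknown"

def classify(method, path, body=None):
    """Return the operations one request performs (POST, PATCH, DELETE only)."""
    parts = path.strip("/").split("/")
    resource, has_id = parts[0], len(parts) > 1
    if resource not in ("Users", "Groups"):
        return ["unknown"]
    noun = "user" if resource == "Users" else "group"
    verb = {("POST", False): "create", ("DELETE", True): "delete"}.get((method.upper(), has_id))
    if verb:
        return [f"{verb} {noun}"]
    if method.upper() == "PATCH" and has_id:
        ops = (body or {}).get("Operations", [])
        return [_patch_op(resource, op) for op in ops] or ["unknown"]
    return ["unknown"]

# Constructed sample requests; ids and the user name are placeholders.
SAMPLES = [
    ("POST", "/Users", {"userName": "jdoe@example.com", "active": True}),
    ("PATCH", "/Users/u-1", {"Operations": [{"op": "Replace", "path": "active", "value": "False"}]}),
    ("PATCH", "/Users/u-1", {"Operations": [{"op": "replace", "value": {"displayName": "J. Doe"}}]}),
    ("PATCH", "/Groups/g-1", {"Operations": [{"op": "Add", "path": "members", "value": [{"value": "u-1"}]}]}),
    ("PATCH", "/Groups/g-1", {"Operations": [{"op": "remove", "path": 'members[value eq "u-1"]'}]}),
    ("DELETE", "/Groups/g-1", None),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, "->", classify(method, path, body))
```

Updates sent as a full PUT replacement are not covered and come back as `unknown`.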
