Provisioning Users with SCIM

This article discusses provisioning users to your Cato account with the SCIM protocol.


Note: This article provides information for Single User Identity. For more information about the Single User Identity changes, see Understanding the Single User Identity​.


SCIM defines a standard for exchanging identity information across different cloud app vendors. For example, with SCIM you can easily create, update, or remove user data at scale in your Cato account.

User information is securely synced from your IdP to Cato to create users. Any changes to users details that were made in the IdP are reflected in Cato in near real time. 

Once a user is provisioned with SCIM they can be assigned a license and be included in policies.

Advantages of Provisioning users with SCIM

Provisioning users with SCIM has these advantages:

  • Immediately synchronize users from the IdP to your Cato account.

  • Updates or changes to group membership or user profiles are updated in near real time

  • Integrate the IdP to your Cato account without configuring any in-bound firewall rules

  • SCIM is widely supported by IdP vendors, and is easy to integrate with your account

Provisioning Users Process Flow

This process explains how users are provisioned from your IdP, and then assigned licenses and added to policies, so they can securely connect to the network.

  1. In your IdP, define the users and/or groups to be provisioned to Cato.

  2. Configure automatic user sync with Cato.

  3. Assign licenses to required users

  4. Apply polices to users

Provisioning Users with SCIM

These are the IdPs that are support for provisioning users with SCIM:

  • Azure

  • Okta

  • One Login

For more information on how to configure SCIM provisioning for each IdP, see Provisioning Users with SCIM.

Was this article helpful?


Add your comment