Automate user lifecycle management with SCIM provisioning. Automatically create, update, and deactivate user accounts in Nestr when changes happen in your identity provider, removing the need for manual onboarding and offboarding.
What is SCIM provisioning?
SCIM (System for Cross-domain Identity Management) is an open standard for automating user account management between an identity provider and a connected application. When SCIM is configured between your identity provider and Nestr, user accounts are created, updated, and deactivated automatically. Adding a new employee in Okta or Azure AD immediately creates their Nestr account, and removing them deactivates it.
Which identity providers does Nestr support for SCIM?
Nestr's SCIM implementation is compatible with any identity provider that supports the SCIM 2.0 standard, including Okta, Azure Active Directory, Google Workspace, and OneLogin. Setup involves generating a SCIM endpoint URL and token in Nestr and entering these in your identity provider's application configuration.
Why use SCIM for user management in Nestr?
Manual user management creates security risks: offboarded employees may retain access longer than intended, and new employees may wait before gaining the access they need. SCIM eliminates both problems by making Nestr user provisioning a direct consequence of your authoritative identity system, reducing both administrative burden and access risk.
{"@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{"@type": "Question", "name": "Does SCIM work alongside SSO in Nestr?", "acceptedAnswer": {"@type": "Answer", "text": "Yes. SCIM and SSO complement each other. SSO handles authentication (how users log in), while SCIM handles provisioning (which users exist and what attributes they have). Most enterprise deployments use both: SSO for seamless login and SCIM for automated account lifecycle management."}}, {"@type": "Question", "name": "Can SCIM update user attributes in Nestr?", "acceptedAnswer": {"@type": "Answer", "text": "Yes. SCIM can sync user attributes such as name, email, and group memberships from your identity provider to Nestr. When an employee's details change in your HR system, those changes propagate to Nestr automatically."}}, {"@type": "Question", "name": "What happens to a user's data when they are deprovisioned via SCIM?", "acceptedAnswer": {"@type": "Answer", "text": "When a user is deprovisioned via SCIM, their Nestr account is deactivated and they lose access. Their existing roles, projects, and governance contributions remain in the workspace, preserving the institutional record. Roles they held can be reassigned through Nestr's governance process."}}]}
.png){kind=logo}
