Automate User Onboarding & Offboarding with SCIM

Release Date: May 21, 2025

SCIM (System for Cross-domain Identity Management) integration now supports both automatic user provisioning and deprovisioning in GitGuardian. When users are added or removed from your Identity Provider (IdP)—such as Okta or Microsoft Entra ID—they are automatically created or deactivated in your GitGuardian workspace.

Now, all your developers can be automatically onboarded to GitGuardian and are ready to handle security incidents as soon as they are added to your IdP. This means you can fully automate the onboarding and offboarding of users, directly from your IdP, ensuring your entire development team is always prepared to respond to incidents.

Why is this important?

  • Streamlined onboarding: New users are automatically provisioned in GitGuardian as soon as they are added to your IdP—no more manual invites or user creation.
  • Automated offboarding: When a user is removed or deactivated in your IdP, their access to GitGuardian is automatically revoked, reducing security risks.
  • Real-time synchronization: User changes in your IdP are reflected in GitGuardian almost instantly, ensuring your workspace always stays up to date.
  • Improved compliance: Automated user lifecycle management helps you meet security and compliance requirements by ensuring only authorized users have access.
  • Reduced manual work: Save time and reduce errors by eliminating manual user management tasks.

Note: Team provisioning via SCIM is not yet available, but is planned for a future update.

How to get started?

  • SCIM is available for workspaces using Okta or Microsoft Entra ID as their IdP.
  • To enable SCIM, go to your workspace Settings > Authentication and follow the setup instructions for your IdP.
  • For detailed configuration steps and best practices, check out our product documentation.

Enhancements

  • Emails: Added the number of incidents to the subject line of both weekly digest and historical scan emails.
  • Jira Data Center Issue Tracking Integration: Creating Jira tickets now only requires regular user permissions. Administrator privileges on the Jira Data Center site are only needed when setting up the two-way synchronization (Auto-resolve feature).

Fixes

  • GitLab Integrations: Resolved a problem where system hook checks returned a 403 forbidden error when using a read-only token.
  • Dashboard: Resolved an issue where a toast message displayed "unknown error" in certain situations.
  • Historical Scan: Resolved an issue where scans of empty GitHub repositories were incorrectly marked as failed.
  • API: Resolved an issue where deleted sources were incorrectly displayed as monitored.