Configure an external Identity Provider to manage users and groups in Sift using SCIM push provisioning.
Connect an external Identity Provider (IdP) to Sift to manage users and groups centrally. When changes occur in the IdP, such as creating, deleting, or renaming users or groups, or modifying group memberships, those changes are automatically synchronized to Sift.
Sift connects to your IdP using SCIM (System for Cross-domain Identity Management), a standard protocol for automating user and group provisioning. To connect your IdP, you need two credentials from Sift:
An access token: used to authenticate those requests
A SCIM endpoint URL: the address your IdP sends provisioning requests to
Once connected, Sift synchronizes with your IdP automatically every 24 hours. Administrators can also trigger a manual sync at any time. Groups synchronized from an IdP are called external groups in Sift. Their membership and attributes remain controlled by the IdP, though permissions can be managed in Sift.
Trigger a manual sync to apply changes from your IdP to Sift without waiting for the next automatic sync.
Synchronizing: When synchronizing Sift with your organization, the system will update your account to match the IdP’s data, which may create new users or deactivate existing ones, create or delete external groups, and add or remove users from those external groups. All changes are determined by your IdP’s current configuration.
Integrate an Identity Provider with Sift: Learn how to integrate an external IdP with Sift using Microsoft Entra ID as an example, with steps that apply to any IdP that supports push provisioning.
