How to Set Up Automatic User Provisioning with SCIM

Setting up SCIM (System for Cross-domain Identity Management) gives your IT team automatic, reliable account lifecycle management for Fireflies.

It's the perfect partner to SAML SSO. While SSO creates users "Just-In-Time" (JIT) when they first sign in, adding SCIM 2.0 lets you pre-create accounts and immediately deactivate users from Fireflies when they're removed from your Identity Provider (IdP).

🔍 What Does the Integration Do?

This setup connects your Identity Provider (like Okta or Entra ID) to Fireflies using the SCIM 2.0 standard. Once configured, it allows your IdP to:

• Automatically provision (create) new user accounts in Fireflies.

• Automatically update user profile details.

• Automatically de-provision (deactivate) user accounts in Fireflies when they are removed from your IdP.

🔑 Prerequisites

Before you can enable SCIM provisioning, you must first have Single Sign-On (SSO) set up for your Fireflies account.

🔗 Get Your SCIM Credentials from Fireflies

To connect your IdP, you'll first need to get two pieces of information from your Fireflies account.

• SCIM Connector Base URL: https://user-service-rest.fireflies.ai/scim/v2

• SCIM Access Token

Step 1: Generate your token

1. Open your Fireflies web app and click on Settings in the main navigation menu.

2. From the bottom-left menu, select Account.

3. Scroll down to the Secure your workplace section and locate the SCIM Access Token.

4. Click the rotate icon (↻) to generate your token, then click the copy icon to copy it immediately, as you won't be able to see it again.

⚙ Setting Up Your Configuration

Here are the specific instructions for connecting SCIM with Okta and Entra ID.

Configure in Okta

Step 1: Open your Fireflies app

• From your Okta dashboard, open the Fireflies application you previously set up for SSO.

Step 2: Enable SCIM provisioning

• Click the General tab.

• In the App Settings section, click Edit and check the box for SCIM provisioning.

Step 3: Configure provisioning integration

• Click the Provisioning tab.

• Under Settings, click Integration and then click Edit.

Step 4: Enter SCIM Base URL

For SCIM connector base URL, enter: https://user-service-rest.fireflies.ai/scim/v2

Step 5: Set unique identifier

• For Unique identifier field for users, add email as the value.

Step 6: Select provisioning actions

• For Supported provisioning actions, select Push New Users and Push Profile Updates.

Step 7: Set authentication mode

• For Authentication Mode, select HTTP Header.

Step 8: Add authorization token

• For Authorization, enter your SCIM Access Token (the one you generated in Fireflies) as the bearer token.

Step 9: Save and enable

• Click Save.

• After saving, go to the Settings > To App tab. Click Edit and enable Create Users, Update User Attributes, and Deactivate Users.

Configure in Entra ID (formerly Azure AD)

Step 1: Open your Fireflies application

• In your Entra ID portal, navigate to Enterprise applications and open your Fireflies application.

Step 2: Connect your application

• Click on Provisioning and then click Connect your application (or Get started).

Step 3: Enter Tenant URL

• For Tenant URL, enter: https://user-service-rest.fireflies.ai/scim/v2

Step 4: Enter Secret Token

• For Secret token, enter your SCIM Access Token (the one you generated in Fireflies).

Step 5: Test and create

• Click Test connection to ensure the credentials are correct, and then click Create (or Save).

Configure in OneLogin

Step 1: Open the SCIM Provisioner application

• Log in to your OneLogin admin portal and open the SCIM Provisioner with SAML (SCIM v2 Core) application you previously created.

Step 2: Configure SCIM API connection

• Go to the Configuration tab.

• In SCIM Base URL, enter: https://user-service-rest.fireflies.ai/scim/v2

• Under API Connection, ensure API Status is set to Enabled.

• In SCIM Bearer Token, paste your SCIM Access Token generated in Fireflies.

Step 3: Enable provisioning workflow

• Go to the Provisioning tab.

• Check Enable provisioning.

• Enable the following actions:

  ✅Create user
  ✅Update user
  ✅Delete user

Step 4: Test and create

• Save your configuration and test the provisioning connection to ensure it is working correctly.

🧩 Additional Options

Supported SCIM Features

For advanced configurations, Fireflies' SCIM 2.0 implementation currently supports the following features:

• Provision a user to Fireflies (POST /scim/v2/Users)

• Retrieve a user from Fireflies (GET /scim/v2/Users/<user_id>)

• Update a user in Fireflies (PUT /scim/v2/Users/<user_id> or PATCH /scim/v2/Users/<user_id>)

• List all users in Fireflies (GET /scim/v2/Users)

• De-provision a user from Fireflies (DELETE /scim/v2/Users/<user_id>)

❌ Disconnect Integration

To disable automatic provisioning, you can disconnect the SCIM integration from within your Identity Provider.

• In Okta: Navigate to the Provisioning tab in your Fireflies app, click Edit under Integration, and uncheck Enable SCIM provisioning.

• In Entra ID: Navigate to the Provisioning tab in your Fireflies app and stop the provisioning service.

🔄 Recap

Setting up SCIM with Fireflies provides automatic, reliable account lifecycle management. It allows you to pre-create accounts and immediately deactivate users when they leave, ensuring your Fireflies workspace is always in sync with your Identity Provider.

📌 Related Guides

📌How to Set Up SSO for Okta ->  Use Okta's SSO in Fireflies for a streamlined access.

📌Set Up SAML SSO for Azure AD -> Enable SAML SSO with Azure ADD to enhance security and simplify user access.

📌Set Up SAML SSO for Google Workspace -> Enable secure single sign-on with Google Workspace to centralize authentication and simplify user access.