Skip to main content
SCIM requires an Enterprise plan.
SCIM (System for Cross-domain Identity Management) lets admins provision and deprovision Mintlify organization members directly from your identity provider. SCIM manages who has access to your organization. To control how users sign in, set up SSO.

Enable SCIM

1

Open SCIM settings

In your Mintlify dashboard, navigate to the SCIM tab of the “Identity & access” page.
2

Turn on SCIM

Click Configure SCIM. Mintlify generates a SCIM base URL and a bearer token.
Securely store the bearer token. Mintlify shows it only once and cannot display it again.
3

Add the credentials to your identity provider

Enter the SCIM base URL and bearer token into your identity provider’s SCIM app configuration. See Configure your identity provider for provider-specific steps.

Configure your identity provider

Okta

1

Add a SCIM app in Okta

In Okta, under Applications, click Browse App Catalog and search for SCIM 2.0 Test App (Header Auth). This is Okta’s standard integration for any SCIM 2.0 API that authenticates with a bearer token.
2

Add your Mintlify credentials

Under the app’s Provisioning settings, enter the Mintlify SCIM base URL and bearer token. Format the token as bearer <token>.
3

Enable provisioning actions

Under Provisioning to app, enable the create, update, and deactivate options you want Okta to manage. Leave Sync password off, since Mintlify doesn’t use Okta-managed passwords.
4

Create and push groups

In Okta, use your existing groups or create new ones for each set of users you want to provision, then push those groups to the SCIM app under Push groups.
Group names are case-sensitive. The name you map in Mintlify must match the Okta group name exactly.
5

Assign users

Assign the relevant groups or individual users to the app under Assignments.
6

Map groups to roles

In the Mintlify dashboard, map each pushed group name to a dashboard role. See Map groups to roles.
For identity providers other than Okta, contact us for setup guidance.

Map groups to roles

Assign roles to users based on their identity provider group membership.
  1. In the Mintlify dashboard, navigate to the SCIM tab of the “Identity & access” page.
  2. In the “Group-to-role mappings” section, click Add mapping.
  3. Enter the identity provider group name and select a role.
When a user belongs to multiple mapped groups, Mintlify assigns the highest-privilege role among them. You can edit or remove a mapping at any time. This mapping is one-directional and only controls which Mintlify role a group receives. For example, suppose you map your identity provider’s developers group to the editor role and later change that mapping to viewer. New members of developers become viewers in Mintlify, but the existing developers group itself is unchanged in your identity provider.

Rotate the bearer token

Rotate the bearer token if it’s exposed or as part of routine credential hygiene.
  1. Navigate to the SCIM tab of the “Identity & access” page.
  2. Click Rotate token.
  3. Copy the new token and update your identity provider’s SCIM configuration.
Rotating the token immediately invalidates the previous token. Provisioning stops working until you update your identity provider with the new token.

Disable SCIM

  1. Navigate to the SCIM tab of the “Identity & access” page.
  2. Toggle SCIM off.
Disabling SCIM stops new provisioning and deprovisioning events from your identity provider. Existing dashboard members keep their current access until removed manually or through another method.