SCIM provisioning · Cloudflare Fundamentals docs | Latest TMZ Celebrity News & Gossip | Watch TMZ Live Skip to content
Cloudflare Docs

SCIM provisioning

Cloudflare supports bulk provisioning of users into the Cloudflare dashboard by using the System for Cross-domain Identity Management (SCIM) protocol. This allows you to connect your external identity provider (IdP) to Cloudflare and quickly onboard and manage users and their permissions. Cloudflare supports SCIM onboarding with Okta and Microsoft Entra.

Expected behaviors

Expectations for user lifecycle management with SCIM:

Expected Cloudflare dash behaviorIdentity provider action
User is added to account as memberAssign the user to a SCIM application. They will be assigned the Minimal Account Access role so that their dash experience is not broken.
User is removed from account as memberUnassign the user from the SCIM application.
Add role to userAdd the user to a group in the IdP which is pushed via SCIM. They must also be assigned to the SCIM application and exist as an account member.
Remove role from userRemove the user from the corresponding group in the IdP.
Retain user in account but with no permissionsRemove the user from all role groups but leave them assigned to the SCIM application. They will be an account member with only the role Minimal Account Access.

Limitations

  • If a user is the only Super Administrator on an Enterprise account, they will not be deprovisioned.

Prerequisites

  • Cloudflare provisioning with SCIM is only available to Enterprise customers using Okta or Microsoft Entra.
  • You must be a Super Administrator on the account.
  • In your identity provider, you must have the ability to create applications and groups.

Gather the required data

To start, you will need to collect a couple of pieces of data from Cloudflare and set these aside for later use.

Get your Account ID

  1. In the Cloudflare dashboard, go to the Cloudflare account that you want to configure for SCIM provisioning.
  2. Copy your account ID from the account home page.

Create an API token

  1. Create an API token with the following permissions:

    TypeItemPermission
    AccountSCIM ProvisioningEdit

  2. Under Account Resources, select the specific account to include or exclude from the dropdown menu, if applicable.

  3. Select Continue to summary.

  4. Validate the permissions and select Create Token.

  5. Copy the token value.

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.