![logo-horizontal_w.png]](https://support.tiled.co/hs-fs/hubfs/logo-horizontal_w.png?height=30&name=logo-horizontal_w.png){kind=logo}
SCIM Server — Foundational Enterprise Provisioning
Backend capability enabling automated user lifecycle management via Okta and Microsoft Entra for enterprise organizations
This article documents the SCIM Server foundational release shipped in Tiled v53.0.0. The September 2025 release delivers the backend infrastructure for SCIM 2.0 (System for Cross-domain Identity Management) provisioning, enabling enterprise customers to connect Okta or Microsoft Entra to automate Tiled user lifecycle management.
Scope: Enterprise Tiled customers with Okta or Microsoft Entra identity providers. IT Administrators responsible for directory integration. This is a backend-foundational release — customer-visible enablement is IT-configuration-driven, not a UI change for end users. Subsequent releases (v56.0.0 through v58.0.0) deliver SCIM improvements; see KB-v56-05 and KB-v58-07 for the full iteration history.
2. Control Objective
The control objective is to establish a SCIM 2.0-compliant server endpoint within the Tiled platform that identity providers can use to programmatically provision, update, and deprovision user accounts — ensuring user access is granted and revoked in alignment with the authoritative identity store.
3. What SCIM Enables
• Automatically provision Tiled accounts for new employees when added to the IdP application.
• Automatically update Tiled user attributes (name, email) when they change in the IdP.
• Automatically deprovision (deactivate or delete) Tiled accounts when users are removed from the IdP or leave the organization.
• Synchronize group membership for role-based access control, where supported.
4. September 2025 Scope
|
What Shipped |
SCIM 2.0 server endpoint capable of receiving provisioning and deprovisioning events from Okta and Microsoft Entra. Test coverage for SCIM server event handling validated in pre-release QA (2025-08-28 standup). |
|
What Was Not Yet Shipped |
Full production Okta QA and edge-case handling completed in subsequent releases (v56.0.0 and v58.0.0). September establishes the foundation; iteration follows through March 2026. |
|
Customer-Visible Impact |
No UI change for end users. IT Administrators configure the SCIM connection via their IdP admin console using Tiled-provided SCIM endpoint URL and bearer token. |
5. SCIM Iteration History
|
v53.0.0 (Sep 2025) — This Article |
SCIM 2.0 server foundation. Backend endpoint, test coverage. Okta/Entra provisioning events handled. |
|
v56.0.0 (Jan 2026) — KB-v56-05 |
Initial SCIM corrections from Okta QA. Provisioning payload handling improvements. Also patched in 55.0.x API hotfixes. |
|
v58.0.0 (Mar 2026) — KB-v58-07 |
Comprehensive Okta QA iteration. Deprovisioning fix (TD-6535), attribute sync (TD-6565). SCIM deprovisioning gap explicitly closed. |
6. Audit Evidence
• CC6.1 (Logical and Physical Access Controls): the platform now supports automated, IdP-driven access provisioning and deprovisioning as an enterprise control foundation.
• CC6.2 (Prior to Issuing System Credentials): SCIM provisioning events are the mechanism by which enterprise customers issue Tiled credentials to new users via their IdP. The September foundational release enables this control path for the first time.
• Full deprovisioning reliability (completing the CC6.2 control loop) was established in v58.0.0 (KB-v58-07, TD-6535). Auditors reviewing the complete CC6.2 evidence trail should reference both this article and KB-v58-07.
7. Change History
|
v1.0 — September 2025 |
Initial article. SCIM server foundation shipped in Tiled v53.0.0 September 2025. |