What can we help you with?

SCIM Provisioning: Custom Setup


System for Cross-domain Identity Management (also known as SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), de-provision (deactivate), and update user data across multiple applications at once. 

Note: SCIM Provisioning is available on the Enterprise plan only. Additionally, to set up SCIM Provisioning you will need to have the involvement of both the monday.com admin and the manager of your identity provider account. 


Which SCIM capabilities are supported?

The following SCIM capabilities are supported in monday.com:

  • Provisioning of Users
  • De-provisioning of Users
  • Provisioning of Teams
  • De-provisioning of Teams
  • Team Renaming
  • Updating User Details
  • Assigning Users to Teams
  • Unassigning Users from Teams


SCIM Setup Options

There are three ways to set up SCIM Provisioning for your monday.com account:

  1. Existing monday.com SCIM applications
    We currently work with three main providers: OKTA, Azure AD, and OneLogin. Aside from these, you also have the option to use your own provider (see the second option) or integrate directly with our SCIM API (see the third option).

    You can read more on enabling SCIM Provisioning for existing monday.com applications below:
    SCIM Provisioning using OKTA
    SCIM Provisioning using Azure AD
    SCIM Provisioning using OneLogin

  2. Custom SCIM integration with identity providers
    This method will be covered in the article below. Continue reading to learn more about setting up a custom SCIM integration on your account!

    You can learn all about SCIM API in this article.


Custom SCIM integration with identity providers

To create a Custom SCIM integration with other identity providers, please follow the steps below. It is important to note, since there are many different identity provider options with varying instructions specific to them, you will need to review documentation from that specific identity provider in order to complete some of the steps below.


  • Step 1: Create a custom application in your identity provider

Check out documentation from your identity provider for specific instructions on this.


  • Step 2: Configure Provisioning

Please note, the following parameters may have different names in different identity providers. As part of your provisioning configuration process, you’ll need to use the specific parameters according to your chosen identity provider.


SCIM base URL:

The base URL for all calls from the identity provider to monday.com is: https://<YOUR_DOMAIN>.monday.com/scim/v2/ 

Note: Replace <YOUR_DOMAIN> above with your account URL name (if your account URL is myaccount.monday.com, you would write "myaccount" here).


SCIM API token:

This allows monday.com to authenticate the class from your identity provider. To generate the API token, open up the admin section of your account. From there, press on the "Security" tab, open up the SCIM section, click on the "Generate" button and copy the generated token.




Map out your identity provider attributes to monday.com attributes:

You can see a table of monday.com attributes in the section below. Additionally, check out documentation from your identity provider for further instructions on how to map out these attributes.


  • Step 3: Enable Provisioning and assign users and teams to the application

Check out documentation from your identity provider for specific instructions on how to enable the Provisioning and assign users and teams to the application.


Set Up User Provisioning

The following table presents all user attributes supported in monday.com’s SCIM integration:

monday.com Attribute

SCIM API Attribute(s)


Name (required)

name, displayName

The user's displayed


Email Address


userName, email

The email address used by the

user to log into monday.com




When creating a user, this field must be set to 'true'.
Changing a user's 'active' value to 'false' will deactivate them in the monday.com.



The user's position in the company.



The user's timezone,

all dates in the platform

will be according to this timezone.

Both 'Europe/Berlin' and 'Berlin' formats are acceptable



monday.com will display a localized version for different locales.

Phone Number


The user's phone numbers.
Note: only one will be displayed, the one marked as 'primary' or otherwise the first number.

Home Address


The user's address. Note: only one will be displayed, the one marked as 'primary' or otherwise the first address.

User Type


The level of each user within the account (learn about it here).

The possible values are:


or custom role id


To set up SCIM provisioning to support custom roles as user types:

  1. Configure the relevant custom role on monday as described in this article.
  2. Copy the custom role ID. This can be done from the monday account permissions center, by clicking on the three-dot menu right next to the role name and then "Copy ID", as shown in the image below.
  3. When setting the userType please pass the custom role ID's as a "string"(the same way you would pass the value admin, viewer, member, or guest).


Note: If you deprovision a user from the custom app within the identity provider, the user will exist in monday.com as an inactive user and will not be counted towards your monday.com user count.


Set Up Team Provisioning

When you assign a group into monday.com you will create a new Team in your monday.com account with all the users that are assigned to that group in the identity provider. 

Important Note: If you assign a group to the custom app within the identity provider, and there is a monday.com team with the same name, then the identity provider's group will replace it.
Additionally, for privacy measures, we recommend coordinating the team provisioning with the monday.com admin, in order to avoid users losing access to their data or users gaining access non-intendedly.


The following table presents all team attributes supported in monday.com’s SCIM integration:

monday.com Attribute

SCIM API Attribute(s)


Name (required) displayName

The team's displayed name

Users members List of users assigned to the team




Keep in mind: The identity provider is the source of truth 

If you connect your monday.com account to SCIM, every data change performed in the monday.com platform will be overridden by the data sent via SCIM. As an example, let's say that a user is provisioned to be part of a team, and then you manually unassign them through the monday.com platform. The next time SCIM provisioning runs, it will re-assign them to the team.


Frequently Asked Questions

We've outlined a list of SCIM-related frequently asked questions for you. Click on this link here to check them out!




If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.