If you've chosen to enable SCIM provisioning, read on if you have any questions about how that impacts your Guru team. For questions about SSO specifically, check out our SSO FAQ article.


You must be on our Builder or Expert plan to enable SCIM.

What is SCIM?
SCIM allows Guru Admins to add users, remove users, and assign users to groups, all within an identity provider. This process allows larger teams to manage their users and groups for multiple apps in one place.

How do I set up SCIM provisioning for my team?
In order to set up SCIM, you first need to have SSO enabled. If that's the case, get started setting up SCIM provisioning here.

What can I expect to happen after I enable SCIM for my team?

Users, Groups, and Group assignments from your identity provider will be moved into Guru immediately. Any Users, Groups, and Group assignments with pre-existing exact matches in Guru will be merged. Once they've merged, these become uneditable in Guru.

Users or Groups in Guru that do not match Users or Groups in your identity provider will not sync back into your identity provider. These Users will not have a sync icon (🔄) next to their name, and you will be able to manage these Users and Groups directly in Guru.

✍️ Note

If your team has single sign-on (SSO) and SCIM enabled, Admins can no longer invite users via the web app. You must invite new users via your identity provider (IDP).

How will I know who is synced through my identity provider and who is not?

All users who were synced via SCIM will have a sync icon (🔄) next to their name.

Does Guru support Group Linking?
Guru also supports Group Linking, which creates a 1:1 linkage that merges a SCIM group (and the users within it) into the Guru Group while maintaining the Collection permissions of the Guru Group. This allows for easy user management through SCIM.

You don't need to do anything to enable this; existing Guru Groups will show within the IDP Group Link menu. If a Guru Group has the same name as the group being linked, that linkage will be selected automatically.

What happens when I remove a user from Guru in my identity provider?
When users are de-provisioned through SCIM, they will be immediately deleted in Guru. You will not be prompted to re-assign verification responsibilities, so remember to update that before removing them from SCIM.

If you do not update the verifier on the user's Cards before removing them from your IDP, the Cards that they are currently a verifier of will be reassigned to the Collection Owner of the Collection that Card lives in. If the Collection does not have a Collection Owner, the Cards will be assigned to the top verifier in that Collection.

Can I manage users & Groups in Guru after SCIM is enabled?

  1. If a Group is not synced with SCIM, you can add/remove that Group in Guru and add/remove any users (synced or not) to or from that Group in Guru.

  2. If a Group is synced with SCIM (has the 🔄 icon), you cannot manage that Group at all in Guru. That includes removing the Group or adding/deleting users in that Group.

  3. A synced user can be added to or removed from a non-synced Group.
