Authentication

SCIM

Overview

SCIM, or System for Cross‑domain Identity Management, is an open standard designed to manage user identity information. Cloudsmith is SCIM 2.0‑compliant. With Cloudsmith’s support for SCIM, you can automatically provision new users, de‑provision existing users and update user profile information based on changes within your IdP.

Early Access

SCIM Groups provisioning integration is currently available in early access. Please contact us if you need this feature enabled for your organization.

Prerequisites for enabling SCIM on Cloudsmith

To configure SCIM for your organization you must meet the following requirements:

1. Cloudsmith plan – Your account must be on a plan that includes Ultra or Enterprise.
2. Administrator access – You must be the owner of a Cloudsmith organization.
3. Domain registry – At least one domain must be claimed in Cloudsmith - please reach out to our support team.
4. Identity provider (IdP) – You need an IdP that supports SCIM 2.0 to use with Cloudsmith.

Configuration

When configuring your IdP, you’ll need the following details that apply to all SCIM integrations with Cloudsmith:

• Base URL: https://api.cloudsmith.io/scim/v2
• Authentication: Basic Auth, using a SCIM token generated from Cloudsmith.
• Supported Features: User provisioning and de‑provisioning.

Unique User Identifier

Make sure to use the user’s e‑mail address as the unique identifier. Additionally, the following fields are mandatory:

- email
- givenName
- familyName

Supported IdP Providers

Cloudsmith works with any generic SCIM 2.0‑compliant IdP, but we provide detailed documentation for the most common providers below as an example configuration:

• Google
• JumpCloud
• Microsoft Entra ID
• Okta
• OneLogin
• Ping Identity

If you need help with an IdP not listed above, feel free to contact us.

Updated 3 hours ago