Enterprise Solution: Setting Up System Cross Identity Management (SCIM) for Your Account

7 min read
System Cross Identity Management (SCIM) is a standard protocol for managing user identity information. You can use it to automatically communicate identity data such as your user groups and profile information between your Identity Provider (IdP) and your Wix account. 
You can customize the SCIM settings in your dashboard to assign Wix roles to your team members based on their group in your organization's IdP account. Any changes that you make in your IdP are synced in your Wix account. For example, if you change a team member's group in your IdP, it is also updated in your Wix account.
You can also automate some account actions such as deleting a team member's Wix account when you remove them in your IdP.

Step 1 | Create an app in your IdP

First, you need to create a new app in your IdP. In this example, we'll create the app in Azure. This app will let Azure communicate with your Wix account to send information about your organization's employees. 
Note:
If you want to use a different IdP, you should contact Wix Customer Care before you set it up. 

To create an app:

  1. Sign in to your Azure account.
  2. Select Azure Active Directory.
  3. Select Enterprise applications.
  4. Select New application
  5. Click Create your own application.
  6. Enter a name for your application.
  7. Select Integrate any other application you don't find in the gallery.
  8. Click Add.
  9. Select Provisioning in the left panel.
  10. Select Automatic from the Provisioning Mode drop-down menu. 
  11. Leave the tab open.

Step 2 | Create your SCIM URL and add it to Azure

Next, you need to create your SCIM URL in your dashboard and then add it to your Azure account.
Important:
You must have a role with the Manage SSO and SCIM permission to customize the settings of your dashboard.

To connect your app:

  1. In a new tab, go to your enterprise dashboard.
  2. Click Settings on the left.
  3. Select SSO and SCIM Settings.
  4. Click Set Up next to SCIM.
  5. Click Get Started.
  6. Select a default role using the drop-down menu.
    Important: This role will be assigned to all new groups that you sync with Wix. The default role replaces any roles that your team members currently have that were synced using SCIM. 
  7. Click Set Role & Continue.
  8. Click App Created, Next Step.
  9. Copy the URL.
  10. Go back to the tab with your Azure dashboard.
  11. Paste the URL in the field under Tenant URL.

Step 3 | Get your provisioning key and add it to Azure

After you've created your SCIM URL and added it to your Azure account, you also need to add your provisioning key. This is an API key that gives your Azure app the necessary permissions to interact with the SCIM settings in your account.

To add and verify:

  1. Go back to the tab with your dashboard.
  2. Click Next.
  3. Click Send Code.
  4. In a new tab, go to your email account and login.
  5. Copy the 6-digit code in your verification email. 
  6. Go back to the tab with your dashboard.
  7. Paste the code under Enter your 6-digit code.
  8. Click Verify & Generate Token.
  9. Copy your provisioning token.
Important:
  • This is the only time that you see your provisioning token. It is not possible to see the full token again after this point.
  • You can manage your provisioning token in the API Keys section of your dashboard.
  1. Go back to the tab with your Azure dashboard.
  2. Paste the provisioning token in the field under Secret Token.
  3. Click Test Connection to make sure that it's working correctly.
  4. Click Provision Azure Active Directory Users under Mappings.
  5. Select mailNickname under Attribute Mapping.
  6. Select ObjectId from the drop-down menu under Source attribute.
  7. Click Ok.
  8. Click Save.
  9. Click Yes on the pop-up.

Step 4 | Select the groups to sync and start provisioning

Next, you need to select the users and groups in your Azure dashboard that you want to sync with your Wix account. 

To select groups and start provisioning:

  1. Go back to the overview page of your Azure app.
  2. Select Users and groups in the left sidebar.
  3. Click Add user/group.
  4. Select the groups or users that you want to sync.
  5. Click Select.
  6. Click Provisioning in the left sidebar.
  7. Click Start provisioning.
Note:
It may take some time for this information to appear in your Wix dashboard. 

Step 5 | Map your organization's groups to Wix roles

When you enable SCIM, Wix creates a default group called "Ungrouped" in your SCIM dashboard. Any users that you sync from your IdP without a group are assigned to this default group.
After you've verified your SCIM setup, you can map your organizations groups to Wix roles. This will automatically synchronize your groups to Wix's roles.

To map your groups:

  1. Go back to the tab with your dashboard.
  2. Click Next.
  3. Click Finish.
  4. Click Refresh under Map your organization's groups to Wix roles to see your groups.
  5. Hover over the group that you want to map under Map your organization's groups to Wix roles.
  6. Click Change Role.
  7. Select the role that you want to use under Role & Site Access.
  8. Click Save.
Tip:
  • You can map multiple groups at the same time by selecting the checkbox next to a group.
  • You can sync your groups gradually if required. For example, you can decide to sync some groups at this point and sync more groups in the future.

SCIM FAQs

Click a question below to learn more about SCIM and your Wix account.

Did this help?

|