SCIM Provisioning
Auto-provision storefront users from your identity provider via SCIM 2.0 — mint and revoke bearer tokens, view the sync activity log, and audit synced groups.
SCIM Provisioning
SCIM Provisioning (Settings → SCIM Provisioning) lets your identity provider (Okta, Azure AD, OneLogin, JumpCloud) automatically create, update, and deactivate storefront portal users via the SCIM 2.0 protocol.
IdP endpoint
The page shows your tenant's SCIM base URL — https://<tenant>.storefront.aforo.ai/scim/v2/ — with a copy button and a collapsible step-by-step setup guide with a tab per IdP.
Bearer tokens
Your IdP authenticates with a bearer token you mint here.
The plaintext token is shown once at mint time, then auto-clears after 10 minutes. Copy it into your IdP immediately. Revoke is irreversible — the IdP starts failing on its next sync.
Sync activity
A paginated, filterable (SUCCESS / FAILURE) log of every provisioning operation: CREATE_USER, UPDATE_USER, PATCH_USER, DELETE_USER, CREATE_GROUP, UPDATE_GROUP, DELETE_GROUP — each with the resource, originating token, HTTP status, and detail.
SCIM groups
A paginated audit of synced groups, each with external ID, source token, member count, last-updated time, and an expandable sample of the first five members.