Set up group-based role assignment with SCIM synchronized groups
Public preview
Automatically assign users roles based on their group membership, synchronized through SCIM into Stripe.
Before you begin
To assign account or organization roles to users dynamically and offline with SCIM, you must:
- Set up Single Sign-On
- Set up SCIM
- Configure your IdP to synchronize users and groups to Stripe
Configure group-based role assignment in Stripe
Stripe allows you to view groups that you sync through SCIM:
- From the Team and security settings page, go to Groups.
- When you enable group sync through SCIM in your IdP configuration, groups display in a table in this view.
- If group sync through SCIM isn’t enabled, a prompt appears to Enable SCIM in Stripe to trigger a group sync SCIM update.
- If you enabled SCIM on your IdP and in Stripe, check your IdP logs to confirm that SCIM group sync event updates have been pushed to Stripe.
Assign roles to users in groups:
- Select a group by clicking the overflow menu next to it.
- Alternatively, you can select a group to view members of the selected group first.
- Then, to assign roles to the group (inherited by the members in the group), select Assign roles.
- You can apply more than one Dashboard role to a group. In this case, the set of permissions mapped to each group applies.
- If you sync groups to an organization, you see a prompt to choose the accounts you want to assign group-based roles to, similar to the normal role assignment flow in organizations.
Group-based role assignment and Stripe organizations
We support group-based role assignments for Stripe organizations. When assigning roles at the organization level, the role assignment applies to the organization, meaning the roles also automatically propagate to each account within the organization.
Troubleshoot group-based role assignment
1. You don’t see the option to assign roles to a group
- To be able to assign roles to groups or users in the Dashboard with SSO, you must configure role assignment to be Dashboard-based (instead of SAML).
- Go to Settings > Team & Security and click the Single sign-on (SSO) tab.
- Click Configure role assignment > Stripe Dashboard > Save. You can now assign roles to groups that sync through SCIM.
2. You don’t see any users or groups synchronized into Stripe
- Groups synchronize to Stripe according to IdP synchronization cycle times. For example, Microsoft Entra ID (formerly Azure AD) might take as long as 40 minutes to synchronize groups.
- Only users that match the domains configured in Stripe synchronize to Stripe.
- If neither users nor groups synchronize to Stripe after a long period of time, check your IdP SCIM provisioning logs for errors. Errors can result from mismatched keys or a misconfigured endpoint URL.