Set up group-based role assignment with SCIM synchronised groups
Public preview
Automatically assign users roles based on their group membership, synchronised through SCIM into Stripe.
Before you begin
To assign account or organisation roles to users dynamically and offline with SCIM, you must:
- Set up Single Sign-On
- Set up SCIM
- Configure your IdP to synchronise users and groups to Stripe
Configure group-based role assignment in Stripe
Stripe allows you to view groups that you sync through SCIM:
- From the Team and security settings page, go to Groups.
- When you enable group sync through SCIM in your IdP configuration, groups display in a table in this view.
- If group sync through SCIM isn’t enabled, a prompt appears to Enable SCIM in Stripe to trigger a group sync SCIM update.
- If you enabled SCIM on your IdP and in Stripe, check your IdP logs to confirm that SCIM group sync updates have been pushed to Stripe.
Assign roles to users in groups:
- Select a group by clicking the overflow menu next to it.
- Alternatively, you can select a group to view members of the selected group first.
- Then, to assign roles to the group (inherited by the members in the group), select Assign roles.
- You can apply more than one Dashboard role to a group. In this case, the set of permissions mapped to each group applies.
- If you sync groups to an organisation, you see a prompt to choose the accounts you want to assign group-based roles to, similar to the normal role assignment flow in organisations.
Group-based role assignment and Stripe organisations
We support group-based role assignments for Stripe organisations. When assigning roles at the organisation level, the role assignment applies to the organisation, meaning the roles also automatically propagate to each account within the organisation.
Troubleshoot group-based role assignment
1. You don’t see the option to assign roles to a group
- To be able to assign roles to groups or users in the Dashboard with SSO, you must configure role assignment to be Dashboard-based (instead of SAML).
- Go to Settings > Team & Security and click the Single sign-on (SSO) tab.
- Click Configure role assignment > Stripe Dashboard > Save. You can now assign roles to groups that sync through SCIM.
2. You don’t see any users or groups synchronised into Stripe
- Groups synchronise to Stripe according to IdP synchronisation cycle times. For example, Microsoft Entra ID (formerly Azure AD) might take as long as 40 minutes to synchronise groups.
- Only users that match the domains configured in Stripe synchronise to Stripe.
- If neither users nor groups synchronise to Stripe after a long period of time, check your IdP SCIM provisioning logs for errors. Errors can result from mismatched keys or a misconfigured endpoint URL.
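The domain filter described above can be checked before a sync by running the following over a SCIM export from your IdP. This is an added example, not Stripe's code: attribute names follow the SCIM core schema (RFC 7643), the sample users, groups and domain are constructed, and it assumes the domain compared is that of the user's primary email (falling back to userName), which this page does not specify.

```python
# Added example: list SCIM group members whose domain is outside the configured set.
# Attribute names follow RFC 7643; all sample data below is constructed.

def email_domain(user):
    """Lower-cased domain of the primary email, falling back to userName (assumption)."""
    emails = user.get("emails") or []
    primary = next((e for e in emails if e.get("primary")), emails[0] if emails else None)
    address = (primary or {}).get("value") or user.get("userName", "")
    _, sep, domain = address.rpartition("@")
    return domain.strip().lower() if sep else ""

def members_outside_domains(users, groups, allowed_domains):
    """Map group displayName -> sorted members that would not match allowed_domains."""
    allowed = {d.strip().lower() for d in allowed_domains}
    by_id = {u["id"]: u for u in users}
    report = {}
    for group in groups:
        skipped = []
        for member in group.get("members", []):
            user = by_id.get(member.get("value"))
            if user is None:
                # Group references a member that is missing from the user export.
                skipped.append(f"<unknown id {member.get('value')}>")
            elif email_domain(user) not in allowed:
                skipped.append(user["userName"])
        if skipped:
            report[group["displayName"]] = sorted(skipped)
    return report

# Constructed sample export.
SAMPLE_USERS = [
    {"id": "u1", "userName": "alice@example.com"},
    {"id": "u2", "userName": "bob@contractor.example"},
    {"id": "u3", "userName": "carol",
     "emails": [{"value": "Carol@EXAMPLE.com", "primary": True}]},
]
SAMPLE_GROUPS = [
    {"displayName": "stripe-support", "members": [{"value": "u1"}, {"value": "u2"}]},
    {"displayName": "stripe-finance", "members": [{"value": "u3"}]},
    {"displayName": "stripe-admins", "members": [{"value": "u2"}, {"value": "u9"}]},
]

if __name__ == "__main__":
    for name, members in members_outside_domains(
            SAMPLE_USERS, SAMPLE_GROUPS, ["example.com"]).items():
        print(f"{name}: {', '.join(members)}")
```

Any member listed here will not inherit the roles assigned to the group, so resolve the mismatch before relying on the group for access.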