Set up automatic user provisioning with SCIMPublic preview
Automatically provision and deprovision team members who are assigned access to Stripe from your Identity Provider (IdP).
By default, when you set up Single Sign-On with SAML, users are provisioned Just-In-Time (JIT) the first time they sign into Stripe from your IdP. With SCIM, you can automatically provision team members in Stripe even before they sign in, and deprovision them on-demand when they should no longer have access to Stripe.
Stripe adheres to the SCIM 2.0 protocol, and only supports the following capabilities in private preview:
- Provision a user (not groups) to Stripe (
POST /scim/v2/Users
) - Retrieve a user from Stripe (
GET /scim/v2/Users/<user_
)id> - Update a user in Stripe (
PUT /scim/v2/Users/<user_
orid> PATCH /scim/v2/Users/<user_
)id> - List all users in Stripe (
GET /scim/v2/Users
) - Deprovision a user from Stripe (
DELETE /scim/Users/<user_
)id>
How it works 
When you enable SCIM provisioning, Stripe provisions users based on requests to the Stripe SCIM endpoint, using your account’s or organization’s SCIM API key. Existing users continue to have access to Stripe.
While SCIM handles provisioning for team members, their roles are still managed independently through SAML, based on attribute statements passed by your IdP during login. When a user is provisioned through SCIM, they aren’t assigned any permissions until the user signs in.
When your IdP or SCIM client provisions new team members to Stripe, they automatically appear in your list of team members under Settings > Team and Security > Team. When your IdP or SCIM client deprovisions team members, their access is immediately revoked and they’re removed from your list of team members. Deprovisioned team members are automatically logged out of the Dashboard and unable to access Stripe. If your accounts belong to an organization, you must configure both SSO and SCIM provisioning from your organization. You can’t configure SSO or SCIM for individual accounts in an organization.
Before you begin
Before you can enable SCIM provisioning, you must first enable Single Sign-On.
Enable SCIM provisioning 
To enable SCIM provisioning in your account or organization:
- From the Team and security settings page, go to SCIM provisioning and click Enable.
- Copy your SCIM endpoint URL and SCIM API key to your IdP or SCIM client.
Rate limits
Learn more about how Stripe API uses rate limits to restrict the number of API requests per second.
Configure in Okta 
If you’re configuring SCIM provisioning from Okta as your IdP:
- Open your Stripe application.
- Click on the General tab. Edit your App Settings and click Enable SCIM provisioning.
- Click on the Provisioning tab. Under Settings, click Integration and Edit.
- For SCIM connector base URL, enter
https://access.
.stripe. com/scim/v2 - For Unique identifier field for users, add
email
as the value. - For Supported provisioning actions, select:
- Push New Users
- Push Profile Updates
- For Authentication Mode, select
HTTP Header
. - For Authorization, enter your SCIM API key as the bearer token.
- Click Save.
- Under the Settings > To App tab, click Edit and enable the following:
- Create Users
- Deactivate Users
Configure in Entra ID 
If you’re configuring SCIM provisioning from Entra ID as your IdP:
- Open your Stripe application under Enterprise applications.
- Click on Provisioning and Connect your application.
- For Tenant URL, enter
https://access.
.stripe. com/scim/v2 - For Secret token, enter your SCIM API key.
- Click Test connection, and then click Create.
Provisioning delay
Entra ID has a fixed automatic provisioning interval of 40 minutes.
Disable SCIM provisioning 
To disable SCIM provisioning:
- From the Team and security settings page, go to SCIM provisioning.
- Click Disable. Your SCIM API key is automatically deleted.
Rotate a SCIM API key 
To rotate your SCIM API key:
- From the Developers menu, go to API keys.
- If you are managing an organization, go to Organizations API keys.
- Next to your SCIM API key, click the overflow menu () and select Rotate key.