SCIM (System for Cross-domain Identity Management) is an open standard for managing user identity information.
It allows you to manage your users and groups outside of Budibase using any Identity and Access Management service that supports SCIM. Examples include Azure Active Directory and Okta.
Changes to users and groups made in your external IAM can be synced across to Budibase users and groups through a process known as provisioning.
It is worth noting that this is a one way process. When SCIM is enabled, you will no longer be able to edit users and groups within Budibase; it will only be possible to make changes via your external service.
Contact sales to enquire about upgrading to the enterprise plan https://budibase.com/contact/
Login to the Budibase portal, and click on the
Settings tab. Select the
Scroll to the bottom of the page, and under SCIM toggle Activated on. The provisioning URL and Token will become available to quickly copy using the clipboard buttons to the right of the fields.
This example will look at provisioning active directory users from Azure into Budibase
First we need to create an Enterprise application to manage the users and groups that we want to provision for Budibase.
Log-in to Azure Active Directory, and click
Enterprise applications under the Manage section.
New application, then click on
Create your own application. Select the (Non-gallery) option and give your app a name.
Assuming you already have some users in your active directory, you can now add them to your enterprise application.
Click on your application, and then click
Users and groups under the Manage section. You can then click on
Add user/group to add users individually or user groups.
Under the Manage section click on
Provisioning. Next select 'Automatic' under Provisioning Mode. Copy and paste the URL and Token from the Budibase settings page as the admin credentials.
Test Connection to verify everything is correct, and make sure to click the
Save button at the top.
You can now click
Start provisioning to sync your users and groups from your Azure enterprise app into Budibase.
Users tab in the Budibase portal, you can now see the users that have synced across.
There is also a note in this section indicating that users are being synced from your AD.
Finally we need to make sure that provisioned users can log-in to Budibase. In this case you can follow the SSO with Azure AD guide.
Furthermore make sure you have given your users and groups Application access.
Updated 4 months ago