Enterprise
SCIM provisioning
Automatically provision and de-provision members from your identity provider with SCIM 2.0.
SCIM lets your IdP create, update, and deactivate org members automatically — so access follows your directory instead of manual invites. It pairs with Enterprise SSO.
Endpoint
Section titled “Endpoint”Point your IdP’s SCIM connector at:
https://cloud.backlex.com/api/scim/v2The exact base URL for your org is shown on the SSO/SCIM settings card.
Mint a token
Section titled “Mint a token”SCIM authenticates with a bearer token, minted from settings or the API. It’s returned once:
curl -X POST https://cloud.backlex.com/api/org/<org>/scim/token \ -H "Authorization: Bearer pak_..."Paste the token into your IdP’s SCIM configuration alongside the base URL.
How members map
Section titled “How members map”- A user provisioned over SCIM becomes an org member (
provisionedBy: scim:<provider>). - Deactivating the user in your IdP suspends the member here.
- Status flows through the directory — no manual invite/remove for managed users.
Revoke
Section titled “Revoke”Revoking turns off SCIM provisioning for the org:
curl -X DELETE https://cloud.backlex.com/api/org/<org>/scim/token \ -H "Authorization: Bearer pak_..."Minting and revoking SCIM tokens requires the admin role and is audited.