Skedda now supports SCIM (System for Cross-domain Identity Management) to help you automate user management! If you’re using Microsoft Entra ID (Azure AD) as your identity provider (IdP), you can seamlessly sync user access with your Skedda venues. Support for additional identity providers, starting with Okta, is coming soon.
This article explains what SCIM does, how it works in Skedda, and how to get started.
What is SCIM?
SCIM is a standardized protocol used by identity providers to automatically provision, update, and deprovision users. Instead of managing users manually in Skedda, your IdP handles it for you.
With SCIM in Skedda:
Users are automatically added to your venue when assigned in your IdP.
User details (e.g., name, email, tags) can be updated automatically from the IdP.
Users are automatically deactivated or removed in Skedda when they are removed from the IdP
Group and department information can be synced as user custom tags in Skedda.
SCIM complements existing SAML SSO integrations. If you're already using SSO, adding SCIM will fully automate your identity management.
How Skedda SCIM works
Each Skedda venue has its own SCIM base URL, allowing you to manage access independently.
Why is it venue-specific? Because venues are independent, managing SCIM per venue aligns with our SSO approach and simplifies permission handling.
What gets synced?
We support the core SCIM 2.0 specification and sync key user attributes:
Attribute | Sync behavior |
Username | IdP unique identifier for login. Required for user. |
Display Name | Human-readable name |
Name | Complex type (given, family, etc.) |
Emails | List of email addresses |
Active | Indicates if the user is active |
Photos | Profile pictures |
Tags (Groups) | Mapped from your IdP groups |
Skedda uses the SCIM Group resource to handle tags. This means your IdP groups can act as labels or attributes assigned to users in Skedda, enabling the implementation of specific rules and policies for those tagged users.
In future, support will be added for the following user attributes:
Attribute | Sync behavior |
Preferred language | User’s interface language |
Locale | Culture-specific formatting (dates, times, etc.) |
How to set it up
Microsoft Entra ID (Azure AD)
Create a new SCIM application in Microsoft Entra ID, giving it a meaningful name.
Note: While in the beta phase, keep the default setting (non-gallery)
Setup SSO (optional)
Use our instructions from here
This step is not required if you’re using another IdP / Entra ID application for SSO. Just make sure that the NameID and userName values match between your SSO setup and this SCIM integration.
Assign Users and Groups (optional)
By default, Entra ID can provision all users/groups. For testing or controlled rollout, assign only selected users/groups:
Go to your new application
Click "Users and groups", then add the specific users or groups you want to sync.
Enable SCIM in Skedda
In Skedda go to the SSO settings, click “Edit” and tick the “Enable SCIM integration”. Save the settings
Configure SCIM in Azure
Go to the Provisioning tab of the Entra ID application. Click “New configuration”. Enter the SCIM Base URL and Token from the SSO settings page in Skedda.
Click “Test connection” and then “Create” if the connection was successful.
Map attributes and groups you want to provision.
For Groups keep only “displayName” and “members”:
For Users keep “userName”, “active”, “emails[type eq "work"].value”, “name.givenName”, “name.familyName”, "preferredLanguage" and "locale".
Important: by default Azure maps the “userName” to “userPrincipalName” and “email” to “mail” properties. You might want to adjust it due to the following considerations:
The “userName” should be mapped to whatever your SSO NameID attribute is mapped to. Please note that Skedda expects this attribute to be in the email format. It’s best to test the SSO integration first to confirm.
The primary email address (attribute is “emails[type eq "work"].value”) should be mapped to whatever you want to be a user’s email address. Sometimes it’s the same “userPrincipalName”, sometimes it’s something else. This email address will be used as the email address of a user in Skedda.
Optional: Use Provision on demand initially and check all is working as expected.
Start auto-provisioning and you're done!
Deprovisioning behavior
Inactive users are “soft deleted”, they can’t log in, and their bookings will be anonymized by updating the booking holder to the default 'Casual user'.
Tips and best practices
We recommend setting up one SCIM app per venue for simplicity and clarity.
Use groups/tags in your IdP to map to Skedda user custom tags.
SCIM does not control admin privileges, assign those manually in Skedda.
Configure SCIM and SAML together for full automation.
Need Help?
If you need support configuring your identity provider, reach out to our team or review our related guide on SSO Configuration with Microsoft Entra ID.