Set up automatic provisioning via SCIM
Before you start
Who can use this feature
Supported on the Organization and Enterprise plans
Only Organization Admins can set up SAML SSO.
All SAML SSO configurations in Figma support Just In Time (JIT) provisioning. This is manual provisioning which only applies any changes when a user next logs into their account, not when the Admin makes the changes. JIT supports creating and updating users in Figma.
You can choose to enable automatic provisioning with SCIM. SCIM pushes any changes you make to Figma, as soon as they happen. SCIM also support importing and deactivating users.
To set up automatic provisioning you will need to an API token in Figma and a SCIM URL. This will allow you to configure automatic provisioning in your identity provider.
Copy your details from Figma
To make the set up process easier, we recommend having both Figma and your identity provider open at the same time.
You can generate an API token and find your Tenant ID on the Settings page of your Organization's Admin Settings:
- Open Figma and select Admin Settings in the sidebar.
- Select the Settings tab.
Generate an API token
- In the Login and provisioning section, click SCIM provisioning.
- Click Generate API token.
- Copy the API token value.
Find your Tenant Id
Your identity provider will need a SCIM base URL to configure SCIM. Your Tenant Id will make up part of this URL.
- In the Login and provisioning section, click SAML SSO.
- Copy the Tenant ID.
- Use the tenant Id to create the SCIM base URL:
https://www.figma.com/scim/v2/[tenant]
Set up SCIM with your identity provider
The process for setting up provisioning depends on your identity provider.
Configure SCIM
If you're using one of our supported identity providers, you can follow our help articles:
If you're using an identity provider we haven't listed here, you can still set up SCIM with Figma.
You'll need to set up SAML SSO configuration with your identity provider, before you can configure SCIM. This may require you to set up a custom application.
We aren't able to provide documentation for custom configurations. Please reach out to your identity provider for any assistance with a custom configuration.
IMPORTANT
As part of the set up process with your identity provider, you'll need to choose which provisioning functions to use. Make sure the following functions are enabled:
- Create Users
- Update User Attributes
- Deactivate Users
Assign users to the application
When you set up automatic provisioning, you will be asked to assign users to the application.
As part of this process, you may be asked to provide additional information about each user. Figma supports the following common basic attributes, as well as some optional extras.
Basic attributes
Scroll to view table
Variable Name |
External Name |
External Namespace |
Suggested Mapping |
givenName |
givenName |
urn:ietf:params:scim:schemas:core:2.0:User |
user.firstName |
familyName |
familyName |
urn:ietf:params:scim:schemas:core:2.0:User |
user.lastName |
displayName |
displayName |
urn:ietf:params:scim:schemas:core:2.0:User |
user.displayName |
title |
title |
urn:ietf:params:scim:schemas:core:2.0:User |
user.title |
Advanced attributes
Scroll to view table
Variable Name |
External Name |
External Namespace |
Suggested Mapping |
employeeNumber |
employeeNumber |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.employeeNumber |
costCenter |
costCenter |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.costCenter |
organization |
organization |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.organization |
division |
division |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.division |
department |
department |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.department |
managerValue |
manager.value |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.managerId |
managerDisplayName |
manager.displayName |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.manager |
Note: It's not possible to assign permissions in Figma via your identity provider. Figma will add provisioned users to your Organization as viewers.
This is a provisional role, which means there are no restrictions around upgrading.
Display SCIM member metadata
When you have SCIM set up, you can choose which of these attributes you want to access in Figma. That attribute will be shown in the Members tab alongside Figma's default data.
- Open Admin settings > Settings
- In the Other section, click Member metadata.
- Choose from Cost center, organization, division, or department.
- Figma will show this data in the Members tab. You'll be able to sort your member list based on this column.