···

    Set up automatic provisioning via SCIM

    Before you start

    Who can use this feature

    Supported on the Organization and Enterprise plans

    Only Organization Admins can set up SAML SSO.

    All SAML SSO configurations in Figma support Just In Time (JIT) provisioning. This is manual provisioning which only applies any changes when a user next logs into their account, not when the Admin makes the changes. JIT supports creating and updating users in Figma.

    You can choose to enable automatic provisioning with SCIM. SCIM pushes any changes you make to Figma, as soon as they happen. SCIM also support importing and deactivating users.

    To set up automatic provisioning you will need to an API token in Figma and a SCIM URL. This will allow you to configure automatic provisioning in your identity provider.

    Copy your details from Figma

    To make the set up process easier, we recommend having both Figma and your identity provider open at the same time.

    You can generate an API token and find your Tenant ID on the Settings page of your Organization's Admin Settings:

    1. Open Figma and select Admin Settings in the sidebar.
    2. Select the Settings tab.

    Generate an API token

    1. In the Login and provisioning section, click SCIM provisioning.
    2. Click Generate API token.
    3. Copy the API token value.

    Find your Tenant Id

    Your identity provider will need a SCIM base URL to configure SCIM. Your Tenant Id will make up part of this URL.

    1. In the Login and provisioning section, click SAML SSO.
    2. Copy the Tenant ID.
    3. Use the tenant Id to create the SCIM base URL: https://www.figma.com/scim/v2/[tenant]

    Set up SCIM with your identity provider

    The process for setting up provisioning depends on your identity provider.

    Configure SCIM

    If you're using one of our supported identity providers, you can follow our help articles:

    If you're using an identity provider we haven't listed here, you can still set up SCIM with Figma.

    You'll need to set up SAML SSO configuration with your identity provider, before you can configure SCIM. This may require you to set up a custom application.

    We aren't able to provide documentation for custom configurations. Please reach out to your identity provider for any assistance with a custom configuration.

    IMPORTANT

    As part of the set up process with your identity provider, you'll need to choose which provisioning functions to use. Make sure the following functions are enabled:

    • Create Users
    • Update User Attributes
    • Deactivate Users

    Assign users to the application

    When you set up automatic provisioning, you will be asked to assign users to the application.

    As part of this process, you may be asked to provide additional information about each user. Figma supports the following common basic attributes, as well as some optional extras.

    Basic attributes

    Scroll to view table

    Variable Name

    External Name

    External Namespace

    Suggested Mapping

    givenName

    givenName

    urn:ietf:params:scim:schemas:core:2.0:User

    user.firstName

    familyName

    familyName

    urn:ietf:params:scim:schemas:core:2.0:User

    user.lastName

    displayName

    displayName

    urn:ietf:params:scim:schemas:core:2.0:User

    user.displayName

    title

    title

    urn:ietf:params:scim:schemas:core:2.0:User

    user.title

    Advanced attributes

    Scroll to view table

    Variable Name

    External Name

    External Namespace

    Suggested Mapping

    employeeNumber

    employeeNumber

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.employeeNumber

    costCenter

    costCenter

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.costCenter

    organization

    organization

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.organization

    division

    division

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.division

    department

    department

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.department

    managerValue

    manager.value

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.managerId

    managerDisplayName

    manager.displayName

    urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    user.manager

    Note: It's not possible to assign permissions in Figma via your identity provider. Figma will add provisioned users to your Organization as viewers.

    This is a provisional role, which means there are no restrictions around upgrading.

    Learn more about members in an Organization →

    Display SCIM member metadata

    When you have SCIM set up, you can choose which of these attributes you want to access in Figma. That attribute will be shown in the Members tab alongside Figma's default data.

    1. Open Admin settings > Settings
    2. In the Other section, click Member metadata.
    3. Choose from Cost center, organization, division, or department.
    4. Figma will show this data in the Members tab. You'll be able to sort your member list based on this column.

    Guide to organization admin →

    Was this article helpful?

    Your feedback helps us improve Figma’s Help Center. To get help from support, submit a request through our contact form.

    Your feedback helps us improve Figma’s Help Center. To get help from support, submit a request through our contact form.

    Thank you for helping us improve Figma’s Help Center!

    Return to top