Set up automatic provisioning via SCIM
Before you start
Who can use this feature
Available on the Organization and Enterprise plans
Organization admins only
You can set up SCIM on our supported providers (Google Workspace, Okta, OneLogin, and Microsoft Entra ID), or a custom SAML SSO set up.
All SAML SSO configurations in Figma support Just In Time (JIT) provisioning. This is manual provisioning, which only applies any changes when a user next logs into their account, not when an admin makes the changes. JIT supports creating and updating users in Figma.
You can choose to enable automatic provisioning with SCIM. SCIM pushes any changes you make to Figma, as soon as they happen. SCIM also supports importing and deactivating users, and managing members' seat types.
Get your API token and SCIM URL from Figma
To set up automatic provisioning you'll need to an API token in Figma and a SCIM URL. To make the set up process easier, we recommend having both Figma and your identity provider open at the same time.
Generate an API token
You can generate an API token in your organization's admin settings:
- Open Figma in the file browser and select Admin in the sidebar.
- Select the Settings tab and navigate to the in the Login and provisioning section.
- In the Login and provisioning section, click SCIM provisioning.
- Click Generate API token.
- Copy the API token value.
Find your Tenant ID
Your identity provider will need a SCIM base URL to configure SCIM. Your Tenant ID will make up part of this URL. You can find your Tenant ID in your organization's admin settings:
- Open Figma in the file browser and select Admin in the sidebar.
- Select the Settings tab and navigate to the in the Login and provisioning section.
- In the Login and provisioning section, click SAML SSO.
- Copy the Tenant ID.
- Use your Tenant ID to create the SCIM base URL:
-
https://www.figma.com/scim/v2/[tenantID](Figma organizations) -
https://figma-gov.com/scim/v2/[tenantID](Figma for Government organizations)
-
Set up SCIM with your identity provider
The process for setting up provisioning depends on your identity provider.
Configure SCIM
If you're using one of our supported identity providers, you can follow our help articles:
- SAML SSO with Google Workspace
- SAML SSO with Okta
- SAML SSO with Microsoft Entra ID
- SAML SSO with OneLogin
If you're using an identity provider we haven't listed here, you can still set up SCIM with Figma.
You'll need to set up SAML SSO configuration with your identity provider, before you can configure SCIM. This may require you to set up a custom application.
We aren't able to provide documentation for custom configurations. Please reach out to your identity provider for any assistance with a custom configuration.
IMPORTANT
As part of the set up process with your identity provider, you'll need to choose which provisioning functions to use. Make sure the following functions are enabled:
- Create Users
- Update User Attributes
- Deactivate Users
Assign users to the application
When you set up automatic provisioning, you will be asked to assign users to the application.
As part of this process, you may be asked to provide additional information about each user. Figma supports the following common basic attributes, as well as some optional extras.
Basic attributes
Scroll to view table
|
Variable Name |
External Name |
External Namespace |
Suggested Mapping |
|
givenName |
givenName |
urn:ietf:params:scim:schemas:core:2.0:User |
user.firstName |
|
familyName |
familyName |
urn:ietf:params:scim:schemas:core:2.0:User |
user.lastName |
|
displayName |
displayName |
urn:ietf:params:scim:schemas:core:2.0:User |
user.displayName |
|
title |
title |
urn:ietf:params:scim:schemas:core:2.0:User |
user.title |
Advanced attributes
Scroll to view table
|
Variable Name |
External Name |
External Namespace |
Suggested Mapping |
|
employeeNumber |
employeeNumber |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.employeeNumber |
|
costCenter |
costCenter |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.costCenter |
|
organization |
organization |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.organization |
|
division |
division |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.division |
|
department |
department |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.department |
|
managerValue |
manager.value |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.managerId |
|
managerDisplayName |
manager.displayName |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
user.manager |
Tip: On the Enterprise plan, you can manage seats via SCIM to make sure everyone has the correct billing status in each product.
Display SCIM member metadata
When you have SCIM set up, you can choose which of these attributes you want to access in Figma. That attribute will be shown in the Members tab alongside Figma's default data.
- Open Admin > Settings
- In the Other section, click Member metadata.
- Choose from Cost center, organization, division, or department.
- Figma will show this data in the Members tab. You'll be able to sort your member list based on this column.
SCIM API reference
Figma provides a detailed reference for the Figma SCIM API on Figma's developer site. Use the SCIM API as another way to manage SCIM users and groups. The API reference includes the available endpoints, the supported schemas, and some example requests.