Set member roles via SCIM

Figma has two products: Figma design and FigJam. Everyone in an organization has a role on each product. A person's role determines their billing status; if they’re included in your billing.

It also controls what activities they can do in design or FigJam files. There are three roles: viewer, viewer-restricted, and editor.

Organization admins can manage roles for members and guests in Figma. Organizations using SAML SSO and SCIM may want to manage member roles using their identity provider.

On the Enterprise plan, there are a few ways you can assign design and FigJam roles:

• Set default roles for new members and guests
• Assign a member's role using SCIM
• Let Figma assign an introductory viewer role to anyone joining the organization

If you assign a person's roles via SCIM, Figma will use those roles. If you don't set member roles when you provision them, Figma will use the organization's default roles. This applies to both design and FigJam. How roles are assigned →

Configure role setting

The exact process for setting a role depends on your identity provider. We recommend working directly with your identify provider for advanced setups, like assigning users based on groups.

Add a custom attribute to set Figma design or FigJam roles

1. Add a custom attribute to your identity provider.
2. Choose one of the following attribute names:
   • Use figmaPermission to set roles for Figma design.
   • Use figjamPermission to set roles for FigJam.
3. Choose one of the following values:
   • Use editor to assign the Editor role.
   • Use viewerRestricted to assign the Viewer-restricted role.
   • Use null to assign the default role in the organization for new users (Enterprise plan only). When the attribute is set to null, admins will be able to update the users’ role from Admin settings in Figma.
4. Set the data type to string (if applicable).
5. Set the external namespace to urn:ietf:params:scim:schemas:core:2.0:User.

Learn more about adding custom attributes with our supported providers:

• Okta: How to create a new custom attribute in Okta
• OneLogin: Set custom attribute value in Onelogin
• Azure Active Directory: Define custom attributes in Azure Active Directory