Set member roles via SCIM
Before you start
Who can use this feature
Supported on the Enterprise plan
Only organization admins can configure SAML SSO and SCIM.
You need admin access to your identity provider and automatic provisioning enabled to manage roles via SCIM.
Figma has two products: Figma design and FigJam. Everyone in an organization has a role on each product. A person's role determines their billing status; if they’re included in your billing.
It also controls what activities they can do in design or FigJam files. There are three roles: viewer, viewer-restricted, and editor.
Organization admins can manage roles for members and guests in Figma. Organizations using SAML SSO and SCIM may want to manage member roles using their identity provider.
On the Enterprise plan, there are a few ways you can assign design and FigJam roles:
- Set default roles for new members and guests
- Assign a member's role using SCIM
- Let Figma assign an introductory viewer role to anyone joining the organization
If you assign a person's roles via SCIM, Figma will use those roles. If you don't set member roles when you provision them, Figma will use the organization's default roles. This applies to both design and FigJam. How roles are assigned →
Note: SAML SSO and SCIM only applies to members and not guests. You can still manage roles for guests in Figma.
Configure role setting
The exact process for setting a role depends on your identity provider. We recommend working directly with your identify provider for advanced setups, like assigning users based on groups.
Add a custom attribute to set Figma design or FigJam roles
- Add a custom attribute to your identity provider.
- Choose one of the following attribute names:
- Use
figmaPermission
to set roles for Figma design. - Use
figjamPermission
to set roles for FigJam.
- Use
- Choose one of the following values:
- Use
editor
to assign the Editor role. - Use
viewerRestricted
to assign the Viewer-restricted role. - Use
null
to assign the default role in the organization for new users (Enterprise plan only). When the attribute is set tonull
, admins will be able to update the users’ role from Admin settings in Figma.
- Use
- Set the data type to string (if applicable).
- Set the external namespace to
urn:ietf:params:scim:schemas:core:2.0:User
.
Learn more about adding custom attributes with our supported providers:
- Okta: How to create a new custom attribute in Okta
- OneLogin: Set custom attribute value in Onelogin
- Azure Active Directory: Define custom attributes in Azure Active Directory