Skip to content
English
Submit a Support Ticket
Contact us
  • There are no suggestions because the search field is empty.

SCIM Integration for User Provisioning

Automate user provisioning and deprovisioning in Asana using SCIM with your identity provider for streamlined user management.

What Is SCIM and Why Use It?

SCIM (System for Cross-domain Identity Management) is a standardized protocol used to automate user identity management between your identity provider (IdP) and service platforms like Asana. It allows for automatic creation, updating, and removal of user accounts based on your internal directory system.

Key Benefits:

  • Automated user provisioning to reduce manual onboarding/offboarding.

  • Real-time deactivation of users to enhance security.

  • Consistent identity data across systems.

  • Improved operational efficiency for IT teams managing large or dynamic teams.

SCIM is particularly useful in organizations with frequent user changes, strict security protocols, or compliance requirements.

Prerequisites

To enable SCIM in Asana, you must have:

  • An Enterprise or Enterprise+ Asana subscription.

  • A verified domain associated with your organization in Asana.

  • Super Admin access within your Asana Admin Console.

  • An identity provider that supports SCIM 2.0, such as Okta, Microsoft Entra ID (formerly Azure AD), or Google Workspace.

Setting Up SCIM in Asana

Step 1: Create a SCIM Service Account in Asana

  1. Go to the Admin Console and select the Apps tab.

  2. Click Add Service Account.

  3. Name the service account and add a description.

  4. Under Permission Scopes, select Scoped permissions.

  5. Enable these specific scopes:

    • Users: Read

    • Users: Create and modify

    • Teams: Read

    • Teams: Create and modify

  6. Save changes and copy the generated SCIM token. You will use this in your identity provider configuration.

Step 2: Configure Your Identity Provider

The setup varies slightly depending on your IdP. Below is a general process using Microsoft Entra ID:

  1. Log into the Microsoft Entra Admin Center.

  2. Navigate to Enterprise Applications and select Asana (or create it).

  3. Go to the Provisioning section and set mode to Automatic.

  4. Enter the SCIM endpoint:
    https://app.asana.com/api/1.0/scim

  5. Paste in the SCIM token you copied from Asana.

  6. Test the connection to confirm communication between systems.

  7. Configure user and group assignment rules and attribute mappings as needed.

  8. Enable provisioning and save your settings.

Each identity provider will follow a similar process but refer to your provider’s documentation for specific steps.

Managing Users with SCIM

Once SCIM is configured:

  • New users assigned to the Asana app in your IdP will automatically be added to your Asana organization.

  • User updates (e.g., name or department changes) will sync to Asana automatically.

  • Deactivated users in your IdP will be deprovisioned in Asana immediately.

  • Groups can be mapped to Asana teams, streamlining project and permission assignments.

Best Practices

  • Start with a small group of test users to validate the sync before rolling it out organization-wide.

  • Regularly audit group-to-team mappings to ensure users have appropriate access.

  • Assign multiple Super Admins to maintain continuity in access control.