Skip to main content

Prerequisites

Before configuring SCIM 2.0, your organization must have already set up Single Sign-On (SSO) with RecruitiFi. The organizationIdentifier used in your SSO configuration will also be used for SCIM.

1. Create a SCIM 2.0 Application in Your Identity Provider (IdP)

Navigate to your Identity Provider (IdP) and create a new SCIM 2.0 application. This is typically done via your IdP’s application directory or catalog. The exact steps may vary depending on the IdP you’re using (e.g., Okta, OneLogin, Entra ID).
Create a SCIM 2.0 application in Okta
  1. From the Applications page in Okta, navigate to Browse App Catalog.
  2. Search for SCIM 2.0 TEST App (OAuth Bearer Token).
Okta General Settings
  1. Enter a descriptive name (such as “RecruitiFi SCIM”) as the Application label.
  2. Click Next.
Okta Sign-On Options
  1. Ensure the Application username format matches the User Identifier Assertion. This should be something immutable; email addresses sometimes change.
  2. Click Done.

2. Configure SCIM Settings

In your IdP’s SCIM 2.0 configuration page, enter the following details:
  • SCIM 2.0 Base URL:
    https://my.recruitifi.com/[organizationIdentifier]/auth/scim/v2
  • OAuth Bearer Token:
    Generate a token by navigating to the SCIM integration page in RecruitiFi. Copy and paste the token into the appropriate field in your IdP. If you lose this token, you will need to regenerate it and reconfigure the SCIM settings in your IdP. This feature must be activated by contacting RecruitiFi support.

3. Test the API Integration

After entering the required details, test the SCIM API credentials from your IdP. If the connection is successful, you will receive a confirmation message. If the test fails, verify your network configurations, token accuracy, or reach out to RecruitiFi support for assistance.

4. Enable Provisioning

Once the connection is confirmed, enable automatic user provisioning and deprovisioning in your IdP. Be sure to verify that all required user attributes are mapped correctly between your IdP and RecruitiFi before enabling provisioning. This may include:
  • Provision Users: Automatically create new users in RecruitiFi when they are added to the corresponding group in your IdP. Make sure attributes like email, username, and other key fields are properly synced.
  • Update User Attributes: Keep user information in sync between your IdP and RecruitiFi. Ensure that any changes in attributes like job title, department, or phone number are correctly updated.
  • Deactivate Users: Automatically deactivate users in RecruitiFi when they are removed from your IdP or unassigned from the group. Clarify whether deactivation means deletion, archiving, or suspension, based on your organization’s policies.

5. Assign Users to the SCIM Application

In your IdP, assign the appropriate users or groups to the SCIM application. Depending on your organization’s needs, this can be done on an individual basis or by assigning entire groups. Ensure proper role mappings and permissions for the assigned users or groups.

6. Set Up Role Management (Optional)

If your organization uses role management, contact RecruitiFi support during setup to enable and configure roles that align with your organization’s needs.

Next Steps

  • Monitor and Maintain: Regularly check the SCIM integration to ensure that user provisioning and deprovisioning are functioning as expected. You can monitor successful synchronization logs in your IdP and RecruitiFi. If group memberships or user data seem out of sync, a manual sync may be required.
  • Regenerate Tokens if Needed: If your SCIM token expires or is lost, regenerate it in RecruitiFi and update your IdP’s configuration. Set a reminder to periodically check token expiration or implement an automatic expiration policy.
For additional support, please reach out to RecruitiFi’s support team.