Access and manage SCIM
- Microsoft has changed the name of Azure Active Directory to Microsoft Entra ID. However, Nintex Workflow and the help still refer to this product as Azure Active Directory.
- Access the Organization settings: Go to Settings > Organization.
The Organization settings page opens in a new tab. To return to the main menu, switch back to the tab you started from.
Access the SCIM page
- Go to Settings > Organization.
- Click SCIM.
On the SCIM page you can:
- Create and configure a Directory. For more information, see Create or delete a directory.
- Create user management rules to map IdP groups to Nintex roles and target tenants. Use the default rules or map your own groups. For more information, see SCIM user management rules.
- Enable, disable, delete, and sync rules to apply changes to existing users. For more information, see Enable and disable user management rules and Add, sync and delete user management rules.
- View failed events when SCIM processing fails for a user. Use this information to investigate issues. For more information, see Failed events.
Create or delete a directory
You must be an Organization admin, and your organization must be federated to access the organization portal. For information, see User roles.
Create a directory
- On the SCIM page, under the Directory section, click Add directory.
- Enter a Directory name, then click Add.
  A Base URL and API key are provided. Use these credentials to configure SCIM in your identity provider and complete the setup process.
  Important:
  - Make sure to save your API key securely, as you won't be able to access it again after closing the window.
  - The API key is shown only once. If the API key is lost or compromised, delete the directory and create a new one. Update the new API key in your identity provider.
- In your identity provider portal, create or use the existing SSO application. For more information, see Create a Nintex Workflow application in Azure Active Directory.
After you set up a directory, you can configure user management rules for your tenant. For more information, see SCIM user management rules.
Delete a directory
When a directory is deleted, the connection to your identity provider will be lost, and Nintex Workflow will no longer accept updates from the IdP. As a result, any changes made to users or groups in the IdP will not take effect in Nintex Workflow.
- On the SCIM page, under the Directory section, click and select Delete for the required directory.
Important: The existing user management rules are preserved. SCIM is no longer active until you recreate a directory. While SCIM is not active, manage users manually in the tenant or organization portal.
Create, sync, and delete user management rules
The SCIM user management rules let you manage access to tenants and roles based on users' group and role memberships in your IdP. Sync applies updates to users and groups after provisioning or rule changes. Two types of sync apply updates:
- IdP provisioning sync: Sends user and group changes from your IdP to Nintex. For example, Microsoft Entra ID runs an automatic provisioning cycle approximately every 40 minutes, or you can run provisioning on demand.
- Nintex rule sync: Reapplies rule logic to existing users and groups in Nintex when rules are added, deleted, disabled, or enabled again.
Creating a user management rule lets you assign specific roles to users within a tenant based on their group membership. For more details, see SCIM user management rules.
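The following is an added example, not Nintex code: a simplified model of the rule fields described on this page (Tenant access, From IdP group, Assigned role, Is active) that previews which grants a rule sync would add or remove and flags admin roles mapped from large IdP groups. The group, tenant and role names, the grant tuples and the helper functions are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    tenant: str          # "Tenant access"
    idp_group: str       # "From IdP group"
    role: str            # "Assigned role"
    active: bool = True  # "Is active"

def desired_grants(rules, memberships):
    """Return the set of (user, tenant, role) implied by the active rules."""
    grants = set()
    for user, groups in memberships.items():
        for rule in rules:
            if rule.active and rule.idp_group in groups:
                grants.add((user, rule.tenant, rule.role))
    return grants

def sync_preview(applied, rules, memberships):
    """Diff the grants applied at the last sync against what the rules now imply."""
    desired = desired_grants(rules, memberships)
    return {"add": sorted(desired - applied), "remove": sorted(applied - desired)}

def broad_admin_rules(rules, memberships, admin_roles, max_members):
    """Flag active rules that map an admin role to an IdP group above max_members."""
    flagged = []
    for rule in rules:
        size = sum(1 for groups in memberships.values() if rule.idp_group in groups)
        if rule.active and rule.role in admin_roles and size > max_members:
            flagged.append((rule, size))
    return flagged

# Constructed sample data: all names below are placeholders.
MEMBERSHIPS = {
    "alice": {"wf-admins", "all-staff"},
    "bob": {"all-staff"},
    "carol": {"all-staff", "wf-designers"},
}
RULES = [
    Rule("tenant-prod", "wf-admins", "Administrator"),
    Rule("tenant-prod", "wf-designers", "Designer"),
    Rule("tenant-prod", "all-staff", "Administrator", active=False),  # disabled, not yet synced
]
# Grants as last applied, from when every rule above was still active.
APPLIED = desired_grants([Rule(r.tenant, r.idp_group, r.role) for r in RULES], MEMBERSHIPS)

if __name__ == "__main__":
    print(sync_preview(APPLIED, RULES, MEMBERSHIPS))
```

In this model, the two Administrator grants that came only from the disabled all-staff rule appear under "remove", which is the change a rule sync would apply to existing users.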
Failed events
View all failed events on the SCIM page. The Failed events section shows the event failure timestamp and the related message ID.
| Section | Selection (or column or field) | Description |
|---|---|---|
| Directory | Add directory | Adds a new directory and provides a Base URL and API key. |
| | Directory name | Displays the name assigned to the directory during creation. |
| | Created | The date and time the directory was created. |
| | Created by | User name of person who configured the directory. |
| | Options | Lists the following selections: |
| User management rules | Sync rules | Allows you to sync rules. To apply rules to existing users and groups, sync them after adding. |
| | Add a rule | Allows you to add a rule to user management rules. For more information, see SCIM user management rules. |
| | Tenant access | Displays the name of the tenant the rule applies to. |
| | From IdP group | The IdP group that the user belongs to. |
| | Assigned role | Role type of the user who created the management rule. For more information, see User Roles. |
| | Assigned group | The Nintex Workflow group that the user is added to as a member. Note: SCIM supports adding users as members only. Adding users as owners isn't supported. |
| | Members | Number of users who are managed by the rule. |
| | Created | The date and time the rule was created. |
| | Created by | Tenancy user name of person who configured the rule. |
| | Is active | Displays whether the rule is active or inactive. |
| | Options | Lists the following selections: |
| Failed events | Timestamp | Displays the date and time when the event failed. |
| | Message ID | Displays the unique ID for the failed event message. |
Set up SCIM in Nintex Workflow with your preferred identity provider
To configure SCIM for Nintex Workflow, see the guide listed below that is relevant to the identity provider you use: