Troubleshooting SCIM provisioning

SCIM provisioning works in combination with your SSO setup in Atlan. Atlan currently only supports SCIM provisioning for Azure AD SSO.

What version of SCIM does Atlan use?

Atlan uses SCIM 2.0 for SCIM provisioning.

What information does Atlan sync from SSO providers?

Atlan syncs the user's first name, last name, username, email ID, group information, and user status through group mapping. The username and email ID are only synced once when the user is provisioned in Atlan for the first time.

What will happen if an SSO or Atlan group is renamed?

If SCIM provisioning is enabled and an SSO group that is mapped to Atlan is renamed, changes will sync automatically. Renaming an Atlan group does not affect SCIM functionality.

What happens if an SSO group is deleted?

If an SSO group is deleted in the SSO provider, then the group mapping will also be deleted in Atlan. The corresponding group in Atlan will remain active, but all the users will be removed from that group.

However, if you would like to retain the group membership for your users in Atlan, you can first delete the group mapping in Atlan and then delete your SSO group in the SSO provider.

What happens if a username already exists in Atlan?

If a user with the username user.name and email address xyz@example.com already exists in Atlan and another user with the same username user.name but different email address abc@example.com is to be added via SSO, it will create a conflict in Atlan. The existing user will remain in Atlan while the new SSO user will not be synced.

When does the SCIM token expire?

The SCIM token does not expire by default and can only be revoked if deleted.

How can I manage users in Atlan?

Following are the detailed permissions for managing your users in Atlan: