> ## Documentation Index
> Fetch the complete documentation index at: https://infisical-groups-phase-3.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# JumpCloud SCIM

> Learn how to configure SCIM provisioning with JumpCloud for Infisical.

<Info>
  JumpCloud SCIM provisioning is a paid feature.

  If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
  then you should contact [sales@infisical.com](mailto:sales@infisical.com) to purchase an enterprise license to use it.
</Info>

Prerequisites:

* [Configure JumpCloud SAML for Infisical](/documentation/platform/sso/jumpcloud)

<Steps>
  <Step title="Create a SCIM token in Infisical">
    In Infisical, head to your Organization Settings > Authentication > SCIM Configuration and
    press the **Enable SCIM provisioning** toggle to allow JumpCloud to provision/deprovision users and user groups for your organization.

    ![SCIM enable provisioning](https://mintlify.s3-us-west-1.amazonaws.com/infisical-groups-phase-3/images/platform/scim/scim-enable-provisioning.png)

    Next, press **Manage SCIM Tokens** and then **Create** to generate a SCIM token for JumpCloud.

    ![SCIM create token](https://mintlify.s3-us-west-1.amazonaws.com/infisical-groups-phase-3/images/platform/scim/scim-create-token.png)

    Next, copy the **SCIM URL** and **New SCIM Token** to use when configuring SCIM in JumpCloud.

    ![SCIM copy token](https://mintlify.s3-us-west-1.amazonaws.com/infisical-groups-phase-3/images/platform/scim/scim-copy-token.png)
  </Step>

  <Step title="Configure SCIM in JumpCloud">
    In JumpCloud, head to your Application > Identity Management > Configuration settings and make sure that
    **API Type** is set to **SCIM API** and **SCIM Version** is set to **SCIM 2.0**.

    ![SCIM JumpCloud](https://mintlify.s3-us-west-1.amazonaws.com/infisical-groups-phase-3/images/platform/scim/jumpcloud/scim-jumpcloud-api-type.png)

    Next, set the following SCIM connection fields:

    * Base URL: Input the **SCIM URL** from Step 1.
    * Token Key: Input the **New SCIM Token** from Step 1.
    * Test User Email: Input a test user email to be used by JumpCloud for testing the SCIM connection.

    Alos, under HTTP Header > Authorization: Bearer, input the **New SCIM Token** from Step 1.

    ![SCIM JumpCloud](https://mintlify.s3-us-west-1.amazonaws.com/infisical-groups-phase-3/images/platform/scim/jumpcloud/scim-jumpcloud-config.png)

    Next, press **Test Connection** to check that SCIM is configured properly. Finally, press **Activate**
    to have JumpCloud start provisioning/deprovisioning users to Infisical.

    ![SCIM JumpCloud](https://mintlify.s3-us-west-1.amazonaws.com/infisical-groups-phase-3/images/platform/scim/jumpcloud/scim-jumpcloud-test-connection.png)

    Now JumpCloud can provision/deprovision users and user groups to/from your organization in Infisical.
  </Step>
</Steps>

**FAQ**

<AccordionGroup>
  <Accordion title="Why do SCIM-provisioned users have to finish setting up their account?">
    Infisical's SCIM implmentation accounts for retaining the end-to-end encrypted architecture of Infisical because we decouple the **authentication** and **decryption** steps in the platform.

    For this reason, SCIM-provisioned users are initialized but must finish setting up their account when logging in the first time by creating a master encryption/decryption key. With this implementation, IdPs and SCIM providers cannot and will not have access to the decryption key needed to decrypt your secrets.
  </Accordion>
</AccordionGroup>
