Provisioning with SCIM

System for Cross-domain Identity Management (SCIM) enables automated, secure, and scalable user lifecycle management. By leveraging standardized SCIM APIs, identity providers (IdPs) can create, update, and remove Equinix user accounts, eliminating manual provisioning and ensuring consistent, up-to-date access across systems.

When enabled, SCIM-based provisioning replaces manual user profile management via Federated SSO with standardized API automation. Identity providers (IdPs) automatically create, update, and remove Equinix user accounts using SCIM APIs. Authentication continues to be handled by the IdP via SAML or OIDC.

SCIM Provisioning Flow

To enable user provisioning via SCIM API calls:

  1. In the Customer Portal, go to the Administration menu and select Account and Security Management.

    Note: The Administration menu is visible only to Administrators.

  2. Click Federated Single Sign-On to view the Federation details screen. Alternatively, you can go to https://federation.equinix.com/.

  3. Select the Provisioning tab. This option will be available if you have successfully set up a federated connection and logged in using federated authentication.

  4. Click the toggle to enable SCIM API for provisioning user profiles. Enabling SCIM API calls will disable Federated SSO access for your users. During this process, no other actions can be performed in the Self-Service Federation (SSF) portal.

  5. Processing may take up to 5 minutes, depending on the number of users in your organization. Once automatic provisioning is successfully enabled, you can proceed to set up the SCIM API.

  6. To generate a token for SCIM API access, click Generate New Token. You can have up to two tokens at a time. If you need a new one, delete an existing token first. Submit the generated token along with the Endpoint URL to your identity provider (IdP) to establish the connection.

  7. Token details will be displayed. Copy and save the token in a secure location. You will need the token in order to access the API endpoint.

    Note: This is the only time token details will be displayed. If you lose the token, you will need to delete an existing token and generate a new one.

  8. To begin provisioning setup, roll over Provisioning Setup to choose your provisioning type.

  9. Select Not restricted to provision all users, or Restrict by group membership to limit provisioning to specific IdP groups. This finalizes automated user management for your environment.

  10. Hover over a section to edit or delete it, or click Pause to stop syncing. You can click Enable at any time to resume syncing.

Configuring Group-Based Provisioning

Equinix supports restricted provisioning using SCIM by allowing organizations to limit user provisioning to specific identity provider (IdP) groups. This setup is ideal for customers who want finer control over which users are provisioned into Equinix systems.

When enabling SCIM provisioning, you can choose between the following:

  • Not restricted – All users from the IdP are provisioned.
  • Restricted by group membership – Only users belonging to specified groups are provisioned.

To configure this:

  1. Under the Provisioning Synchronization section, select the appropriate provisioning setup.
  2. Complete the Provisioning Setup.

SCIM provisioning can be toggled on or off at any time. Turning off SCIM provisioning fully resets the configuration. Use this option only if you intend to fully reset or discontinue SCIM-based provisioning.
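
To see what the two provisioning setups mean for account lifecycle, the following added example (not Equinix or IdP vendor code) plans the SCIM 2.0 requests an IdP-side sync would issue under "Not restricted" versus "Restricted by group membership". It assumes standard RFC 7643/7644 resources and that out-of-scope accounts are removed with DELETE; the endpoint URL, token, group name, user data, and function names are constructed placeholders.

```python
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643 core User schema

def in_scope(user, restrict_groups):
    """restrict_groups=None models 'Not restricted'; a set of group names
    models 'Restricted by group membership'. Inactive users are never in scope."""
    if not user["active"]:
        return False
    return restrict_groups is None or bool(restrict_groups & set(user["groups"]))

def plan_sync(directory, provisioned, restrict_groups, base_url, token):
    """Return the (method, url, headers, body) requests needed to reconcile.

    provisioned maps userName -> SCIM resource id already present on the target.
    """
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/scim+json"}
    wanted = {u["userName"]: u for u in directory if in_scope(u, restrict_groups)}
    requests = []
    # Create accounts that are in scope but not yet provisioned.
    for name in sorted(wanted.keys() - provisioned.keys()):
        body = {"schemas": [SCIM_USER], "userName": name, "active": True}
        requests.append(("POST", f"{base_url}/Users", headers, json.dumps(body)))
    # Remove accounts that are provisioned but no longer in scope.
    for name in sorted(provisioned.keys() - wanted.keys()):
        requests.append(("DELETE", f"{base_url}/Users/{provisioned[name]}", headers, None))
    return requests

# Constructed sample data: not real users, ids, endpoint, or token.
DIRECTORY = [
    {"userName": "alice@example.com", "groups": ["equinix-admins"], "active": True},
    {"userName": "bob@example.com", "groups": ["finance"], "active": True},
    {"userName": "carol@example.com", "groups": ["equinix-admins"], "active": False},
]
PROVISIONED = {"bob@example.com": "id-0002", "carol@example.com": "id-0003"}
BASE_URL = "https://scim.example.invalid/v2"  # placeholder for the portal's Endpoint URL
TOKEN = "PLACEHOLDER-TOKEN"  # in practice, load from a secret store, never from source

if __name__ == "__main__":
    plan = plan_sync(DIRECTORY, PROVISIONED, {"equinix-admins"}, BASE_URL, TOKEN)
    for method, url, _headers, body in plan:  # headers omitted so the token is not logged
        print(method, url, body or "")
```

With the group restriction, the plan removes bob@example.com because he is outside the selected group; without it, he stays provisioned. Review this difference before switching setups on a live tenant.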

Configuring EntraID and Okta

To find out how to configure EntraID and Okta, refer to: