Roll out analytics securely as your team grows, without managing identity app by app.
Available on Enterprise.
Enterprise identity readiness
Basedash follows your organization directory
People
142
139 active
Directory groups
18
Membership aligned
Access ownership
Basedash admins
Permissions controlled
Identity lifecycle
Organization directoryNew team members
Provisioned from Microsoft Entra ID
Revenue operations
Group membership aligned with the directory
Departing team members
Organization membership deactivated
Directory coverage
Users, groups, and memberships stay aligned
Authorization boundary
Resource permissions stay in Basedash
What it does
Identity lifecycle follows the directory, not an admin checklist.
SCIM, or System for Cross-domain Identity Management, is a standard way for an identity provider to manage user and group records in an application. Basedash supports SCIM 2.0 provisioning so Okta, Microsoft Entra ID, and other compatible providers can create, update, deactivate, and reactivate users while synchronizing groups and memberships.
When the identity provider sends a deactivation, Basedash deactivates that person's organization membership. Basedash admins separately set resource permissions, so synced membership never assigns access to data sources, dashboards, or other resources by itself.
Rollout risk
Scale analytics without scaling identity administration.
Access drift
People change teams or leave, but app membership can lag behind the directory.
Admin bottlenecks
Every rollout wave creates another queue of account and group updates for IT or data leaders.
Security review
Unclear ownership and manual lifecycle processes make enterprise access harder to explain.
SCIM gives data leaders and security teams a clearer answer to who owns identity changes: the directory manages users and group membership, while Basedash admins retain control over resource access.
Lifecycle
Join, move, and leave without app-by-app identity work.
Join
Start with the right people in place
When your identity provider assigns Basedash, SCIM can create the user and add their synced group memberships.
Move
Keep team membership aligned
As roles and teams change, supported user details, groups, and memberships can follow the directory.
Leave
Reduce stale organization access
When the identity provider sends a deactivation, Basedash deactivates that person's organization membership.
How it works
Your directory drives identity lifecycle into Basedash.
Directory
Your identity provider
Okta, Microsoft Entra ID, or another compatible provider remains the source of truth.
SCIM
Identity stays aligned
Users, groups, and memberships follow the supported provisioning changes your provider sends.
Basedash
Analytics rolls out with control
Organization membership stays current while Basedash admins separately govern resource permissions.
Ready to configure your provider? Follow the SCIM setup guide for technical details.
Ownership
Automation and authorization keep a clear boundary.
Identity provider owns
People and group membership
SCIM synchronizes supported user details, groups, and who belongs to each group. Deactivation changes organization membership in Basedash.
Basedash admins own
Resource permissions
Admins separately decide which data sources, dashboards, and other resources each group can access. SCIM does not provision admin roles or assign permissions.
Control stack
Identity, authorization, and data controls work as distinct layers.
SSO
Authenticate through your company identity provider.
SCIM
Sync users, groups, and memberships through the identity lifecycle.
RBAC
Set workspace, group, and resource access in Basedash.
Row-level security
Control row access by user and attributes.
SCIM strengthens identity lifecycle management; it does not create compliance, assign resource permissions, or replace the controls around it.
SCIM, answered.
What is SCIM provisioning in Basedash?
SCIM provisioning connects Basedash to an identity provider so user and group records can follow the organization's directory. Basedash supports SCIM 2.0 user and group provisioning for creating, updating, deactivating, and reactivating users, along with group and membership synchronization. This reduces app-by-app identity administration as people join, change teams, leave, or return.
Which identity providers work with Basedash SCIM?
Basedash SCIM works with Okta, Microsoft Entra ID, and other identity providers that support compatible SCIM 2.0 provisioning. The exact controls for assigning users and pushing groups vary by provider, but each compatible provider can manage the supported Basedash user, group, and membership lifecycle through SCIM.
How does SCIM help an enterprise BI rollout?
SCIM helps the identity lifecycle scale with analytics adoption. Instead of maintaining Basedash membership separately for every personnel change, teams can manage users and groups from their existing directory. That gives Heads of BI, VPs of Data, IT, and security a clearer source of truth for who belongs in the organization while reducing manual rollout work.
What happens when a user is deactivated in the identity provider?
When the identity provider sends a SCIM deactivation to Basedash, the corresponding organization membership is marked inactive. If the IdP later sends a reactivation, Basedash restores that same membership instead of requiring a new account. The timing depends on when the identity provider sends and Basedash processes the provisioning change; SCIM deactivation is not instant session invalidation.
Does SCIM group sync grant permissions in Basedash?
No. SCIM synchronizes groups and their memberships, but it does not assign Basedash resource permissions or provision administrator roles. After groups arrive from the identity provider, a Basedash admin separately decides which data sources, dashboards, and other resources each group can access. Directory membership is automated while resource authorization remains an explicit Basedash decision.
Where can administrators find SCIM setup details?
The Basedash documentation includes the configuration guide, supported user and group behavior, token management, discovery endpoints, limitations, and troubleshooting guidance. Organization admins can use that guide when they are ready to connect Okta, Microsoft Entra ID, or another compatible identity provider.
How does SCIM fit with SSO, RBAC, and row-level security?
Each control has a separate role. SSO handles authentication, SCIM manages the supported user, group, and membership lifecycle, role-based access control governs workspace, group, and resource access, and row-level security limits which rows users can see. SCIM does not assign Basedash resource permissions or provide compliance on its own.
Which Basedash plan includes SCIM?
SCIM is publicly packaged as an Enterprise feature. Enterprise teams can connect a compatible identity provider and use SCIM to manage user lifecycle, groups, and memberships alongside Basedash's other identity and security controls. Contact the Basedash team to confirm packaging for a specific deployment and plan the identity-provider setup.