Skip to content
SCIM provisioning

Roll out analytics securely as your team grows, without managing identity app by app.

Available on Enterprise.

Organization/Identity readiness
Directory aligned

Enterprise identity readiness

Basedash follows your organization directory

Enterprise

People

142

139 active

Directory groups

18

Membership aligned

Access ownership

Basedash admins

Permissions controlled

Identity lifecycle

Organization directory

New team members

Provisioned from Microsoft Entra ID

Joined

Revenue operations

Group membership aligned with the directory

Moved

Departing team members

Organization membership deactivated

Left

Directory coverage

Users, groups, and memberships stay aligned

Authorization boundary

Resource permissions stay in Basedash

What it does

Identity lifecycle follows the directory, not an admin checklist.

SCIM, or System for Cross-domain Identity Management, is a standard way for an identity provider to manage user and group records in an application. Basedash supports SCIM 2.0 provisioning so Okta, Microsoft Entra ID, and other compatible providers can create, update, deactivate, and reactivate users while synchronizing groups and memberships.

When the identity provider sends a deactivation, Basedash deactivates that person's organization membership. Basedash admins separately set resource permissions, so synced membership never assigns access to data sources, dashboards, or other resources by itself.

Rollout risk

Scale analytics without scaling identity administration.

Access drift

People change teams or leave, but app membership can lag behind the directory.

Admin bottlenecks

Every rollout wave creates another queue of account and group updates for IT or data leaders.

Security review

Unclear ownership and manual lifecycle processes make enterprise access harder to explain.

SCIM gives data leaders and security teams a clearer answer to who owns identity changes: the directory manages users and group membership, while Basedash admins retain control over resource access.

Lifecycle

Join, move, and leave without app-by-app identity work.

Join

Start with the right people in place

When your identity provider assigns Basedash, SCIM can create the user and add their synced group memberships.

Move

Keep team membership aligned

As roles and teams change, supported user details, groups, and memberships can follow the directory.

Leave

Reduce stale organization access

When the identity provider sends a deactivation, Basedash deactivates that person's organization membership.

How it works

Your directory drives identity lifecycle into Basedash.

Directory

Your identity provider

Okta, Microsoft Entra ID, or another compatible provider remains the source of truth.

SCIM

Identity stays aligned

Users, groups, and memberships follow the supported provisioning changes your provider sends.

Basedash

Analytics rolls out with control

Organization membership stays current while Basedash admins separately govern resource permissions.

Ready to configure your provider? Follow the SCIM setup guide for technical details.

Ownership

Automation and authorization keep a clear boundary.

Identity provider owns

People and group membership

SCIM synchronizes supported user details, groups, and who belongs to each group. Deactivation changes organization membership in Basedash.

Basedash admins own

Resource permissions

Admins separately decide which data sources, dashboards, and other resources each group can access. SCIM does not provision admin roles or assign permissions.

Control stack

Identity, authorization, and data controls work as distinct layers.

SSO

Authenticate through your company identity provider.

New

SCIM

Sync users, groups, and memberships through the identity lifecycle.

RBAC

Set workspace, group, and resource access in Basedash.

Row-level security

Control row access by user and attributes.

SCIM strengthens identity lifecycle management; it does not create compliance, assign resource permissions, or replace the controls around it.

SCIM, answered.

What is SCIM provisioning in Basedash?

SCIM provisioning connects Basedash to an identity provider so user and group records can follow the organization's directory. Basedash supports SCIM 2.0 user and group provisioning for creating, updating, deactivating, and reactivating users, along with group and membership synchronization. This reduces app-by-app identity administration as people join, change teams, leave, or return.

Which identity providers work with Basedash SCIM?

Basedash SCIM works with Okta, Microsoft Entra ID, and other identity providers that support compatible SCIM 2.0 provisioning. The exact controls for assigning users and pushing groups vary by provider, but each compatible provider can manage the supported Basedash user, group, and membership lifecycle through SCIM.

How does SCIM help an enterprise BI rollout?

SCIM helps the identity lifecycle scale with analytics adoption. Instead of maintaining Basedash membership separately for every personnel change, teams can manage users and groups from their existing directory. That gives Heads of BI, VPs of Data, IT, and security a clearer source of truth for who belongs in the organization while reducing manual rollout work.

What happens when a user is deactivated in the identity provider?

When the identity provider sends a SCIM deactivation to Basedash, the corresponding organization membership is marked inactive. If the IdP later sends a reactivation, Basedash restores that same membership instead of requiring a new account. The timing depends on when the identity provider sends and Basedash processes the provisioning change; SCIM deactivation is not instant session invalidation.

Does SCIM group sync grant permissions in Basedash?

No. SCIM synchronizes groups and their memberships, but it does not assign Basedash resource permissions or provision administrator roles. After groups arrive from the identity provider, a Basedash admin separately decides which data sources, dashboards, and other resources each group can access. Directory membership is automated while resource authorization remains an explicit Basedash decision.

Where can administrators find SCIM setup details?

The Basedash documentation includes the configuration guide, supported user and group behavior, token management, discovery endpoints, limitations, and troubleshooting guidance. Organization admins can use that guide when they are ready to connect Okta, Microsoft Entra ID, or another compatible identity provider.

How does SCIM fit with SSO, RBAC, and row-level security?

Each control has a separate role. SSO handles authentication, SCIM manages the supported user, group, and membership lifecycle, role-based access control governs workspace, group, and resource access, and row-level security limits which rows users can see. SCIM does not assign Basedash resource permissions or provide compliance on its own.

Which Basedash plan includes SCIM?

SCIM is publicly packaged as an Enterprise feature. Enterprise teams can connect a compatible identity provider and use SCIM to manage user lifecycle, groups, and memberships alongside Basedash's other identity and security controls. Contact the Basedash team to confirm packaging for a specific deployment and plan the identity-provider setup.

We can help you migrate your data and dashboards from any other tool.