1. What are the benefits of SCIM?
SCIM streamlines processes and solves identity maintenance and security challenges like manual onboarding and offboarding.
SCIM provisioning is essential for growing organizations, especially when considering scalability.
2. What is the difference between Just in Time (JIT) provisioning and SCIM provisioning?
MURAL only supported SAML Just in Time (JIT) provisioning in the past. In this configuration, member accounts are created the first time they successfully log in to MURAL via SAML assertions that pass the attributes required for account creation.
SCIM, on the other hand, does not use SAML. Admins can create, update and deactivate accounts from a central place using an API call. For example, if an enterprise uses SCIM, and one of their employees departs the company, an admin can deprovision them in their IdP. That change will propagate to SCIM-enabled web applications and automatically delete the accounts there, too. JIT provisioning does not provide these capabilities.
However, both JIT and SCIM can be implemented through a web application single sign-on (SSO) solution.
3. What is the difference between SCIM and SSO?
SSO is a way to authenticate, and SCIM is a way to provision.
SAML SSO allows members to use a single sign-on (SSO) identity provider service to log in to MURAL instead of using the default email and password. SAML SSO requires our Business or Enterprise plan.
SCIM provisioning allows organizations to use their identity provider service to automate how their users are added to and updated in MURAL. SCIM requires our Enterprise plan.
4. Does SCIM support guest and visitor provisioning?
SCIM only supports the provisioning, updating, and deactivation of members and not visitors or guests.
5. Can customers turn off Just in Time (JIT) provisioning once they enable SCIM?
Yes, customers can turn off Just in Time (JIT) provisioning once SCIM is enabled. By default, JIT is turned on. Changing this can be done by requesting the change with your MURAL account or Support team.
6. How does SCIM affect collaboration?
Collaboration is affected if Just in Time (JIT) provisioning is turned off after SCIM is enabled. In that case, members not provisioned through SCIM who try to access MURAL are denied access.
We are not stopping members from inviting non-provisioned SCIM members to the product.
7. Will members provisioned through SCIM receive an email from MURAL?
No. When an admin creates a member's account, the member does not receive an email.
8. What does deactivating a member mean? How is it different from deleting a member?
Admins cannot permanently delete members from MURAL; only deactivate them.
If a members is deactivated, they can no longer sign in. The session is revoked almost immediately as part of the suspension process. If the member is logged in to MURAL at the moment of suspension, the next action they take (e.g., click) will kick them out and redirect them to the login page.
If a deactivated member tries to access MURAL, an error page will be displayed.
The deactivated member's data remains available for other collaborators. The deactivated member shows in MURAL as "grayed out" with the status "Inactive member."
When reactivating a removed member via SCIM, the member automatically regains access to the same content they had previously (if an admin didn't change the content owner through ownership transfer).
9. Do customers need SSO enabled to use SCIM?
No, but since this could bring on implementation issues, we highly recommend SSO to be set up before a customer implements SCIM.
Do you have thoughts about SCIM? Let us know! You can contact our Support team in the MURAL chatbox or email us at firstname.lastname@example.org.