Automatic User Provisioning with SCIM

Updated 2026-05-23·6 min read

Overview

SCIM keeps your Taskade workspace in sync with your identity provider. New hire in Okta. Taskade seat appears. Role change in Azure AD. Taskade role updates. Someone leaves. Taskade access revoked the same day. No manual invites, no orphaned seats, no audit gaps.

Built for enterprise teams running Taskade Genesis at scale, SCIM plugs into the same 7-tier role-based access (Owner, Maintainer, Editor, Commenter, Collaborator, Participant, Viewer) and the same audit trail used everywhere else in Taskade. One source of truth. One identity. One workspace.

   Your IDP                    Taskade
  ┌─────────┐    SCIM push   ┌──────────┐
  │ Okta    │ ─────────────▶ │ Workspace│
  │ Azure   │  users + roles │ + folders│
  └─────────┘                └──────────┘
       │                          │
       └──── one source of truth ─┘

TL;DR: SCIM (System for Cross-domain Identity Management) is the open standard for automatic user provisioning. Taskade supports SCIM via Okta and Azure AD. Configure SAML SSO first, then connect your identity provider to Taskade's SCIM endpoint. New users are created, updated, and deactivated automatically. Available today on legacy v3 / v6 / v7 Enterprise tiers only. V8 SCIM is on the roadmap (the organization.scim feature flag is off across every V8 tier including Enterprise). On V8, use SAML SSO plus manual provisioning until V8 SCIM ships — contact us for legacy enablement or to discuss interim provisioning for V8 Enterprise.


What SCIM Does for You

Without SCIM, every change to your org requires manual work in Taskade. SCIM does it for you.

| Event in your identity provider | What happens in Taskade |
|---|---|
| New hire added to the Taskade app | Workspace seat created and assigned to the right group |
| Role change in your directory | Taskade role updated (Owner, Maintainer, Editor, and so on) |
| Group membership change | Workspace and folder access updated automatically |
| User deactivated or offboarded | Taskade access revoked the same day |
| User reactivated | Access restored without losing past projects |

The result is one source of truth. You manage people in your identity provider. Taskade follows along.


When to Set Up SCIM

SCIM is the right call when any of the following apply.

✓ You have 25+ users on Taskade and onboarding is a recurring task

✓ Your security team requires same-day deprovisioning when people leave

✓ You manage workspace access through groups in Okta, Azure AD, or another directory

✓ You want a clean audit trail of who has access to which workspace

✓ You already use SAML SSO and want to extend it to user lifecycle management

If your team is small and changes rarely, manual invites and role changes may be enough. SCIM shines once headcount or churn grows past what one admin can track in a spreadsheet.

SAML vs SCIM at a glance

| Question | SAML SSO | SCIM Provisioning |
|---|---|---|
| What it does | Authenticates users at sign-in | Creates, updates, deactivates users automatically |
| When it runs | At every sign-in | When your IDP changes |
| Replaces passwords? | ✓ Yes | (works alongside SAML) |
| Removes ex-employee access? | (only at next sign-in) | ✓ Yes, immediately |
| Needed for groups → workspaces? | No | ✓ Yes |

Set up SAML first, then add SCIM. They work together.


How It Works

Your identity provider holds the source of truth. SCIM pushes events to Taskade through a secure, token-authenticated endpoint. Taskade applies the change to the right workspace and role.
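
The exchange described above, as an added example that is not Taskade's code: a minimal in-memory receiver for the standard SCIM 2.0 messages (RFC 7643/7644) an identity provider sends to provision and deactivate a user. The token, user name, paths, and the handle/demo helpers are constructed for illustration; Taskade's actual endpoint URL and token format are not shown on this page.

```python
import hmac

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
TOKEN = "example-scim-token"  # constructed placeholder secret
directory = {}  # id -> SCIM User resource held by the receiving service


def authorized(headers):
    """Constant-time comparison of the bearer token sent by the IdP."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), TOKEN.encode())


def handle(method, path, headers, body):
    """Apply one SCIM request; returns (HTTP status, resource or None)."""
    if not authorized(headers):
        return 401, None
    if method == "POST" and path == "/Users":  # new hire assigned to the app
        if USER_SCHEMA not in body.get("schemas", []) or "userName" not in body:
            return 400, None
        if any(u["userName"] == body["userName"] for u in directory.values()):
            return 409, None  # userName must stay unique
        user = dict(body, id=str(len(directory) + 1))
        directory[user["id"]] = user
        return 201, user
    if method == "PATCH" and path.startswith("/Users/"):  # update or deactivate
        user = directory.get(path.rsplit("/", 1)[1])
        if user is None:
            return 404, None
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400, None
        for op in body.get("Operations", []):
            if op.get("op", "").lower() != "replace":
                return 400, None  # this example accepts "replace" only
            # IdPs send either a simple path ("active") or a value object with no path.
            user.update({op["path"]: op["value"]} if "path" in op else op["value"])
        return 200, user
    return 404, None


def demo():  # constructed exchange: provision, offboard, unauthenticated retry
    auth = {"Authorization": "Bearer " + TOKEN}
    hire = {"schemas": [USER_SCHEMA], "userName": "jdoe@example.com", "active": True}
    created, user = handle("POST", "/Users", auth, hire)
    off = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "value": {"active": False}}]}
    patched, user = handle("PATCH", "/Users/" + user["id"], auth, off)
    denied, _ = handle("PATCH", "/Users/" + user["id"], {}, off)
    return created, patched, user["active"], denied
```

Deactivation arrives as a PATCH that sets active to false rather than a DELETE, which is why the user's record and projects can remain while access is removed.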


Set Up SCIM

Pick the guide that matches your identity provider.

| Identity provider | Guide |
|---|---|
| Okta | SCIM via Okta. Step-by-step set-up with screenshots. |
| Azure AD | SCIM via Azure AD. Same end result, Azure-specific flow. |
| Other providers | Contact us. We work with additional IDPs on Enterprise plans. |

Set up SAML SSO first. SCIM and SAML work together. Single sign-on handles authentication. SCIM handles user lifecycle. Both rely on the same identity provider.


Plan Availability

SCIM ships today on legacy v3.enterprise, v6.enterprise, and v7.team tiers only — grandfathered customers on those plans have working SCIM and we will continue to support it.

V8 SCIM is on the roadmap. The organization.scim feature flag is currently off across every V8 tier including V8 Enterprise. V8's organization model is being rebuilt and SCIM is being re-implemented against the new model — it will ship in a future v8.x release. Until then, V8 Enterprise customers should use SAML SSO + manual provisioning for the user-lifecycle layer.

Contact us to enable SCIM on a legacy contract, or to discuss interim provisioning while V8 SCIM is in development.

Until SCIM is enabled, you can still:

✓ Use SAML SSO to centralize sign-in

✓ Invite teammates manually from Settings → Members

✓ Manage roles and permissions in bulk inside Taskade


Common Questions

Do I need SAML to use SCIM?

Yes. Configure SAML SSO first. SCIM extends SAML by automating the user lifecycle that SAML alone does not handle.

Will SCIM overwrite existing Taskade users?

No. When you enable SCIM, existing users keep their access. New events from your identity provider apply to new users and to any subsequent change.

What happens to a deactivated user's projects?

Projects, comments, and tasks stay in the workspace. The user simply loses access. An Owner or Maintainer can transfer ownership or reassign work as needed.

Can I push group memberships, not just users?

Yes. With Okta and Azure AD, you can push groups as well as users, and groups map to Taskade workspace and folder access.

Is there an extra cost for SCIM?

SCIM is included with the legacy Enterprise tiers it ships on (v3.enterprise, v6.enterprise, v7.team) — no per-seat surcharge. V8 Enterprise customers cannot purchase SCIM today; it's on the roadmap, and the recommended interim is SAML SSO + manual provisioning at no extra cost.