Whimsical supports SCIM (System for Cross-domain Identity Management) for automated user provisioning on Business and Enterprise plans.
With SCIM provisioning, you can:
Here's a list of the most popular SAML SSO (and SCIM) providers supported by Whimsical, along with detailed setup instructions available through the provided links:
Provider (with links to more configuration instructions) | SAML | SCIM |
---|---|---|
✅ | ||
✅ | ||
✅ | ||
✅ | ❌ | |
✅ | ||
✅ | ||
✅ | ||
✅ | ||
✅ |
While we have detailed documentation for the most commonly used identity providers (Okta, Entra ID, & JumpCloud), there are also some pieces of information that are true for all, and may help you in setting up user provisioning with your SCIM provider:
There are two cases to consider when provisioning a user.
When creating a new user, if editor is undefined
or you do not provide a value, the user will have the default role set in your Whimsical workspace settings.
To set the role explicitly when provisioning:
true
- provisions the user as an editorfalse
- provisions the user as a viewerWhen updating an existing user, if editor is undefined
or you do not provide a value, there will be no change to the user's role in Whimsical.
To set the role explicitly when updating:
true
- provisions the user as an editorfalse
- provisions the user as a viewerTip: If you're managing user roles with groups, we strongly recommend always having a true
and a false
group. Setting undefined
may lead to undesired outcomes.
If you provision with SCIM but prefer managing user roles within your Whimsical workspace, do not specify a value for editor — then any roles defined in Whimsical will be maintained.
If you need any extra assistance getting up and running, contact our Customer Support team. We're always happy to help. 😁
Yes, SCIM provisioning is only available for workspaces that have SAML SSO configured.
Whimsical supports the following SCIM request types:
Yes — when a user is deactivated in your identity provider, Whimsical will automatically remove them from your workspace.
Any content the user created in shared folders or projects will remain accessible to collaborators, but the user will no longer appear in your workspace.
Yes — if your identity provider supports it, you can assign viewer/editor roles via SCIM attributes. Reach out to us if you'd like guidance on how to configure role mapping.
SCIM will link to the existing account based on email address. If the user was invited manually before SCIM was enabled, they’ll be automatically managed through SCIM going forward.