Thrive uses SCIM (System for Cross-domain Identity Management) Provisioning to automate user management by syncing data directly from your Identity Provider (IdP) or HR system. By implementing SCIM Provisioning, your organisation can automatically create, update, and deactivate user accounts in real-time. This "push" model ensures your learner data remains accurate while reducing manual administration.
This guide covers the technical setup, default attribute mappings, and how to request custom field configurations for your SCIM Provisioning service.
What is SCIM and why do we use it?
SCIM stands for System for Cross-domain Identity Management and is a standard for automating the exchange of user identity information between IT systems.
Essentially, using SCIM allows for new users to be created or users to be updated and suspended. The identity provider is the issuer of the ID card.
Using SCIM for the Thrive application allows the customer to create and update users automatically from their identity provider or HR application. The customer controls the data and what is sent to the Thrive platform. We don’t request user data at any point via SCIM, data is pushed from the source application.
The diagram below gives a basic view of how this works
Configuring your SCIM application
To enable user provisioning in your application, you will require the Thrive SCIM endpoint and unique token. The token can be generated by your implementation specialist or the support team.
The following fields are sent by default when sending SCIM requests
Additional custom field mappings
Where profile field data needs to be sent via SCIM and populated in Thrive, that is not in the list of default fields above, we will need to add a new mapping for each field you wish to send data to. This mapping ensures that the data received in the request is sent to the correct profile field.
New mappings can be requested via a support ticket and the team will need the following information to get these set up for you.
Customappsso attribute name
This is the name of the attribute that you have set up on your provisioning application that uses the data you want to send to . In most cases, this will be in the form of
urn:ietf:params:scim:schemas:core:2.0:User:xxxx
or
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:xxxx
We use the shortname in the mapping but we need the exact value, including any casing.
Please note ONLY the attributes below can be added from the extension namespace.
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organisation
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
The exact method of setting up a new attribute and attribute mapping may differ depending on your setup or application so you may need to reach out to your internal IT teams for this step
Note:
Thrive custom field ref
This is the ref value of the field in that you want the data to be sent to. This will always be the lowercase value as depicted below
New custom fields can be added to your platform via Configure > Profiles.
How do I request the mapping to be set up?
Once you have your attribute value and custom field ref as above, log a ticket with our support team via our Support Portal, and we will be able to add the mapping.
Once added, and confirmed by the team, it may require a restart of your provisioning from within your internal application, to allow for the new attribute mapping to be picked up and data sent over to us.
You can test a sample user by using a Provision on Demand option for an existing user. Different setups or applications may have different ways of doing this so you may need to consult with your internal IT teams to do this.
If you then experience any issues with data not being passed to Thrive or any errors, our support team will b able to help. Just provide any information you have on the error or dates/times of the last update and we can advise you from there.