SCIM Provisioning for Dashboard
API7 Gateway Dashboard supports SCIM (System for Cross-domain Identity Management) for automated user provisioning and de-provisioning from external identity providers.
With SCIM enabled, you can synchronize users from your identity provider to the Dashboard instead of managing them manually one by one.
Prerequisites
Before you begin, ensure you have:
- API7 Gateway is installed and the Dashboard is accessible.
- You have an identity provider account with administrative privileges.
- You have a user account in API7 Gateway with permission to manage organization settings.
Enable SCIM in API7 Gateway
- Log in to the API7 Dashboard with an administrative account.
- Go to Organization -> Settings.
- Enable SCIM Provisioning.
- Copy the API7 SCIM Endpoint URL.
- Generate and copy the SCIM Token.
Provider Guides
Verify Provisioning
After configuring your identity provider, return to the API7 Dashboard and go to Organization -> Users to confirm that synchronized users appear in API7 Gateway.
SCIM provisions and de-provisions user accounts, but access is still controlled through API7 Gateway RBAC. If you also configure Dashboard SSO role mapping, role assignments can be refreshed during user login based on your SSO mapping rules.
Next Steps
- SSO for Dashboard — configure interactive login flows for Dashboard users.
- Role-Based Access Control — manage how provisioned users get access in API7 Gateway.
- Permission Policies and Boundaries — define the permission model used with provisioned users.