Teams using an identity provider can now manage Tuist organization membership with SCIM 2.0.
Until now, SSO helped organizations control how members sign in, but the member lifecycle still had to be managed manually in Tuist. That meant inviting users, updating their role, and removing them when they left a team or company. For organizations that already use Okta as the source of truth for access, that extra manual step is easy to forget and hard to audit.
SCIM support closes that gap. Your identity provider can now create, update, and deprovision Tuist organization members automatically.
What this means for you
If your organization uses an identity provider that supports SCIM 2.0, you can now configure Tuist as a SCIM target from the Authentication settings page. Tuist exposes a SCIM endpoint URL and lets you generate an organization-scoped SCIM token for your identity provider.
Once configured, assigning a user in your identity provider provisions them into the Tuist organization. Unassigning or deactivating the user removes their organization membership in Tuist.
We have explicit setup docs for Okta, which is what we expect most teams adopting this first to use.
What is supported
The first version focuses on common identity lifecycle operations:
- Provisioning users into an organization.
- Updating user attributes.
- Deprovisioning users from an organization.
- Mapping SCIM group membership to Tuist organization roles through the built-in
AdminsandUsersgroups.
Where to read more
- Docs: SCIM provisioning
- Docs: Single Sign-On
- Changelog: SCIM provisioning
- PR: tuist/tuist#10544
If you try this, we would love to hear how the setup flow feels and whether there are other identity providers you would like us to prioritize next.