:Harvey:Support

Release Notes

SCIM (System for Cross-domain Identity Management)

Sync users, roles, and groups from your IDP.

Release Date
Apr 29, 2026
Categories
Governance
Release Type
Regional Availability
US, EU, AU

What’s New

Harvey now supports System for Cross-domain Identity Management (SCIM), enabling automated identity and access management across your organization.

Key capabilities include:

  • Automated user provisioning: Create, update, and deactivate users directly from your Identity Provider (IdP)
  • Role and group synchronization: Automatically sync roles, permissions, and group memberships
  • Centralized identity management: Manage access to Harvey from your existing identity system
  • Improved security and compliance: Enforce least-privilege access and reduce outdated or incorrect permissions
  • Reduced administrative overhead: Eliminate manual onboarding and offboarding workflows

Why It Matters

SCIM introduces a standardized, automated approach to managing user access:

  • Keep access accurate: User status, roles, and groups stay in sync with your organization
  • Reduce risk: Automatically remove access when users leave or change roles
  • Save time: Eliminate manual updates across users and teams
  • Support enterprise requirements: Align with common identity and access management standards

How to Use

For Admins

  1. Configure SCIM in your Identity Provider (Microsoft Entra ID or Okta)
  2. Enable SCIM provisioning for Harvey
  3. Map:
    • Users
    • Roles
    • Groups
  4. Test provisioning to confirm users and permissions sync correctly

For detailed setup instructions, see the SCIM Integration Guide.

Known Limitations

  • Admin configuration required: Must be set up through your Identity Provider
  • IdP dependency: SCIM behavior depends on your Identity Provider configuration and mappings
  • Supported providers: Only Microsoft Entra ID (Azure AD) and Okta are supported. Please reach out to your Harvey contact if you have a different IdP and would like to use SCIM. Additionally, SCIM does not work with SAML JIT provisioning.

FAQ

Q: What is SCIM and why does it matter?

SCIM is an open standard for automating the exchange of user identity data between systems. It allows your organization to centrally manage access to Harvey, improving security and reducing manual work.

Q: Which Identity Providers are supported?

Harvey supports major providers including Microsoft Entra ID and Okta. Additional providers may be supported over time.

Q: How does SCIM improve administrative workflows?

SCIM automatically synchronizes users, roles, and groups with your identity system. This removes the need for manual updates and ensures access remains accurate.

Q: Do I still need to manage users manually in Harvey?

In most cases, no. Once SCIM is configured, user provisioning and updates are handled through your Identity Provider.

Q: What happens when a user is deactivated in the Identity Provider?

SCIM automatically deactivates that user in Harvey, removing their access.

Q: Can I still add granular permissions with SCIM?

Yes, you can still add permissions to users provisioned by SCIM through the Users tab.

Q: Will turning on SCIM provisioning delete existing users?

No - users will maintain the data associated with their email account.