# SCIM user provisioning Bunny supports the SCIM protocol for user provisioning. When enabled, SCIM allows your identity provider to create or delete user profiles in Bunny. This greatly simplifies the user onboarding and offboarding process for your administrators so we recommend its enabled if possible. ### Step 1 - Create an API client In order to enable SCIM user provisioning we must first create an API client in Bunny with the appropriate permissions assigned. 1. In your Bunny account select the **Other > API Clients** option from the top navigation menu. 2. Click to add a **New API Client**. 3. Give it a name like "SCIM client" 4. Set a long access token expiry like "63072000" seconds 5. Enable **Authorization Code Grant** 6. Set a Redirect URI for the identity providers SCIM provisioning service.\ \ For Onelogin use 7. Click save and take note of the **Client ID** and **Client Secret** that are revealed.

### **Step 2 - Enable provisioning in the identity provider** The next step is to configure the identity provider with Bunnys SCIM endpoint details. {% tabs %} {% tab title="OneLogin" %} On the admin panel in OneLogin select the Bunny app that you created as part of the SAML configuration. Then, on the Configuration tab for the app enter the following values.


SCIM Base URL	https://{{subdomain}}.bunny.com/api/scim/v2
OAuth2.0 Token URI	https://{{subdomain}}.bunny.com/oauth/token
OAuth2.0 Authorization URI	https://{{subdomain}}.bunny.com/app/authorize
Client ID	Your Bunny API client ID
Client Secret	Your Bunny API client secret
Scope	security:read security:write

Then click **Save** and scroll to the bottom of the Configuration tab where you will find a button to **Authenticate.** Clicking the **Authenticate** button will display a link that will take you to Bunny to **Approve** the connection to OneLogin. After clicking **Approve** you will be redirected back to OneLogin. The final step is to select the **Provisioning** tab, check the box to **Enable Provisioning** and then click **Save**. {% endtab %} {% tab title="Okta" %} 1. Select the **General** tab of the Bunny SAML application that you created in Okta. 2. Edit the applications settings and enable **SCIM** provisioning then click **Save**. 3. Select the Provisioning tab that has appeared and click to edit. 4. Set the **SCIM base connector URL** to 5. Select the check boxes to **Push New Users** and **Push Profile Updates** 6. Change the **Authentication mode** to **Header** 7. Now switch back to the API client that you created in Bunny for step 1. Click the **Generate access token** button and copy the access token into the **Token** box provided by Okta. {% endtab %} {% endtabs %} ### Step 3 - Test user provisioning Provisioning is now enabled for this application. If you add or remove users to the Bunny app in the identity provider they will be added or suspended in Bunny. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bunny.com/guide/advanced-guides/scim-user-provisioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.