Skip to main content
Back to changelog

Directory Sync (SCIM) is now generally available

Category
Organizations
Published

Directory Sync is now available to all users, with new support for custom attribute mapping and automatic role assignment from IdP groups.

Directory Sync (SCIM) is now generally available and enabled for all users. When users are added, updated, or removed in your identity provider, those changes are automatically reflected in Clerk, without any manual account management.

The following enhancements to Directory Sync are in public beta:

  • Custom attribute mapping lets you sync additional user data from your IdP (such as department, employee_id, or cost_center) directly into publicMetadata on the Clerk user object. Attribute definitions are configured once at the enterprise connection level and shared across both your SSO connection (SAML or OIDC) and your Directory Sync connection, so the same attributes are available regardless of how a user authenticates or is provisioned. When Directory Sync is enabled, it becomes the exclusive source for those attribute values and they're read-only in Clerk until Directory Sync is disabled.

  • Groups to role mapping lets you automatically assign Clerk roles based on IdP group membership. When a user is added to a group in your IdP, Clerk assigns the mapped role. When they're removed, they fall back to the next mapped role. If a user belongs to multiple groups with different role mappings, you can configure a precedence order to control which role takes effect.

Getting started

To enable Directory Sync, navigate to an enterprise connection in the Clerk Dashboard, open the Directory Sync tab, and toggle it on. Clerk generates a SCIM base URL and bearer token to configure in your IdP.

Refer to the Directory Sync documentation for setup guides for Okta and Microsoft Entra ID, and the Custom Attribute Mapping documentation for details on the shared attribute pool.

Compatibility note

Our implementation follows the SCIM 2.0 protocol. However, your identity provider (and how you configure it) may not match our implementation completely. If you run into any compatibility issues, please report them to . We have a team standing by and will work to get compatibility resolved quickly.

Pricing

Directory Sync is included with your enterprise connection at no extra charge. Refer to the pricing page for connection pricing details.

Contributors
Nicolas Lopes
Jim Kalafut
Gabriel Melo
Iago Dahlem
Tu Nguyen

Share this article