System for Cross-domain Identity Management (SCIM) allows you to automatically manage your Mentimeter workspace members via your identity provider (IdP). SCIM is available for Enterprise Plans, and only admins or owners can configure SCIM settings.
Imagine your organization is expanding, and you’re onboarding new employees regularly. Instead of manually adding each new user to Mentimeter, SCIM takes care of it for you. When HR updates a user’s details in your IdP, SCIM automatically provisions them in Mentimeter, assigning the right roles so they can start working immediately.
Likewise, if someone has been inactive for a long time, SCIM can deactivate their Mentimeter account based on their status in your IdP. This keeps your workspace access secure and ensures that only active users have access to the platform, without the need for manual intervention.
This automation helps streamline user management and enhances security by keeping your workspace access up-to-date.
Benefits of SCIM
Improved Efficiency: SCIM automates user provisioning and de-provisioning, reducing administrative overhead, saving time, and streamlining the onboarding and offboarding process for large workspaces.
Enhanced Security: It ensures prompt granting and revocation of user access, minimizing unauthorized access risks, with the added benefit of centralizing role management through your Identity Provider.
Data Consistency: It easily handles updates like email changes and name changes.
Simplified Compliance: Centralized identity management makes it easy to monitor and audit user access, helping meet regulatory compliance requirements, while also supporting organizational needs like cross-charging departments.
Key Actions You Can Perform with SCIM
With SCIM integration in Mentimeter, you can efficiently manage your workspace members and groups directly from your Identity Provider. Here are the key actions you can perform:
User Management
Add New Members: Automatically provision new users into your Mentimeter workspace, ensuring they have the appropriate roles and access from day one.
Remove Members: Seamlessly de-provision users, instantly revoking access when they leave your organization.
Deactivate Members: Temporarily disable user accounts without permanently removing them, useful for managing leaves of absence.
Re-invite Members: Easily re-invite deactivated users to regain access when needed.
Update Emails: Keep user contact information current by syncing email updates directly from your Identity Provider.
Group Management
Create Groups: Organize your users into functional groups, mirroring your organizational structure.
Update Groups: Make changes to group attributes using the PATCH method, ensuring your groups are always up to date.
Update Group Members: Add or remove users within groups, keeping your workspaces aligned with your current projects and initiatives.
List Groups: Retrieve a comprehensive list of all groups within your Mentimeter workspace for easy management.
Remove Groups: Clean up unused or outdated groups by removing them directly from Mentimeter.
Additional Features
Filtering SCIM users
It is possible to filter users by their last active date using the SCIM API. By applying a Last Active filter in your API requests, you can retrieve users based on when they were last active, making it easier to manage inactive accounts. This approach helps you keep your user data up-to-date and secure.
For more information, see the Filtering Last Active section in the Mentimeter API documentation.
Mentimeter Groups
You can also connect groups within your IdP to Mentimeter Groups and ensure that the right users are directly accessing the right groups within Mentimeter when they’re assigned.
If you wish to not have this, uncheck the “Create” box under the Group mappings in the SCIM configuration.
FAQ
What does deactivation mean for a user? Will they lose their presentations?
This means that the user cannot log in or use the account until it's been activated again. Their presentations are still available in the workspace. A presentation is still accessible by its collaborators if it belongs to a deactivated user.
What happens to the existing users in the workspace if SCIM is enabled on them?
Nothing will happen to them, they will stay put. If you have users in a workspace that are not added to the SCIM application on the IdP side, then they will also stay put, as SCIM is not connecting to these users.
What happens if you invite an existing user with their own license?
If you invite an existing user with their own license via SCIM, an error message will indicate the user was skipped because they already have a license. To proceed, you’ll need to invite them through the manage members page manually. When they join the organizational workspace, their personal license is canceled, but none of their content is lost.
What happens if there is a change of email addresses or organisational domain?
SCIM takes complete care of the changes if the changes happens after the SCIM implementation.
Please note that if a change happens in the IdP before SCIM is implemented but the Mentimeter account does not reflect the change, then a duplicated account will be created as Mentimeter won’t recognise the user.
What happens when a user has left the organisation?
If a user is deleted from the IdP, then the user will first be deactivated and then after a set period of time (depending on the IdP), Mentimeter receives a delete request which will delete the account.
If you wish to not delete the accounts but rather keep them deactivated, then uncheck the “Delete” box under the User Mappings in your SCIM configurations.
Will users receive notifications on provisioning/de-provisioning?
Yes, they will receive an email notifying them about either being added to a group or deactivated from Mentimeter.
Can you still use the Mentimeter console to manage members if you’ve set up automatic provisioning?
Yes, you can still use the Mentimeter console to manage members even if you’ve set up automatic provisioning. However, it’s recommended to manage users exclusively through your Identity Provider (IdP) to maintain a single source of truth. This approach ensures consistency and reduces the risk of conflicts between different systems.