To enable SCIM support, you first need to generate an API key for a Superuser. As a superuser, go to the user menu near the upper-right, and choose "Manage API keys." Click "Create New Token." Copy the token and paste that in as a "Bearer Token" on your SCIM client's configuration pages. Sometimes this means you may have to add the word "Bearer" with a space and then your API token. The full authorization header should look something like:

Authorization: Bearer abcdefghijklmnopqrstuvwxyz1234567890

The SCIM client will be able to create users from your directory, and Snipe-IT will try to map every field it can to the appropriate field within Snipe-IT.

The Snipe-IT SCIM URL’s will start with https://your_servername/scim/v2/ - in most SCIM providers, you need to just place that prefix of https://your_servername/scim/v2 and the SCIM protocol will handle the rest for you.


Snipe-IT can only sync Users, not Groups

Snipe-IT only has built-in mappings for Users, but not yet for the Groups section. Snipe-IT cannot sync Groups via SCIM at this time.

Fields that Snipe-IT Cannot Handle (yet)

  • displayName
  • Mobile Phone Number
  • Manager

Unsupported HTTP Verbs

DELETE is not supported by the underlying library yet


Azure SCIM and User Databases

If you restore from a backup, or regenerate your Users table somehow, you may need to delete your provisioning profile and re-create it. This is because Azure will "remember" your old user ID's and will refuse to "learn" the new ones. The only way to make it "forget" is to delete your provisioning profile and re-create it.

All supported mappings into Snipe-IT

SCIM NameSnipe-IT Users fieldData TypeRequired?
givenNameFirst NamestringYES
familyNameLast Namestring
(Enterprise Namespace):employeeNumberemployee_numstring
department(Lookup by name to set department_id)string

Environment Variables

In your .env file, you can specify two new environment values that modify how Snipe-IT's SCIM server works.

NameDescriptionDefault value
SCIM_TRACEWhen set to true, all SCIM requests and responses will be logged to a scim.log file in the storage/logs directoryfalse
SCIM_STANDARDS_COMPLIANCE When set to true, Snipe-IT tries to more closely follow the SCIM specifications. Definitely needed for OneLogin. When set to false, Snipe-IT maintains its original behavior. (This seems to rarely need to be changed)true


SCIM support did not previously support changing email addresses via Azure and some other SCIM clients. Since v6.2, that has been fixed, but if you were depending on the previous behavior, you may get unexpected results.

Okta Notes

If you get an error message of "User Account is Inactive" when trying to synchronize the 'login enabled' checkbox, make sure to enable "Deactivate Users" in the "Provisioning Settings" within the App settings on Okta. Read more in their support document here: