Young man with glasses smiling working on a MacBook outdoors, sitting in front of a modern wood and glass building at dusk.

April 17, 2026 (updated) - 4-minute read

SCIM Provisioning: Automated User Management for Workplace Software

When MazeMap Workplace is used company-wide by hundreds or thousands of employees, IT teams face a recurring challenge: user accounts, roles, and access rights must be kept up to date—without manual effort. SCIM provisioning solves exactly that. This article explains how the standard works, what MazeMap Workplace supports, and why SCIM integration is relevant for your IT setup.

by Marvin Christ
Senior Consultant

SCIM Provisioning: Automated User Management for Workplace Software

When MazeMap Workplace is used company-wide by hundreds or thousands of employees, the IT department faces a recurring challenge: user accounts, roles, and access rights must be kept up to date—without manual effort.

SCIM provisioning solves exactly that. This article explains how it works, what MazeMap Workplace supports, and why it’s relevant to your IT infrastructure.

Why manual user management doesn't scale

New employees need access. Departing employees must be removed from the system. Role changes must be reflected in the system. In a booking platform used by the entire workforce, this means a constant stream of changes.

Manual imports work in theory. In practice, three problems arise:

  • New employees will not appear in the system until someone runs another import

  • Departing employees remain active longer than necessary—a concrete security risk

  • Changes to roles are overlooked and result in inconsistent access rights

Both manual maintenance and file-based imports quickly reach their limits when scalability and reliability are required at the same time.

What SCIM Is—and Why It’s the Standard

SCIM stands for "System for Cross-domain Identity Management." It is an open standard from the IETF (version 2.0 since 2015) that defines a common API for managing identities in cloud applications.

In practical terms, this means that your identity provider—Azure AD, Okta, or a similar system—automatically synchronizes user changes across all connected systems. In other words:

  • New employees are added to MazeMap Workplace as soon as they are added to Active Directory

  • Access rights are automatically revoked when someone leaves the company

  • Role assignments and permissions remain synchronized without manual intervention

How MazeMap Workplace Integrates SCIM

MazeMap Workplace fully implements the SCIM 2.0 core standard. This makes the platform compatible with all major identity providers—including Azure AD and Okta. You can find an overview of all supported integrations on the Integrations page.

Specifically for Azure AD: By default, the Azure AD Provisioning Service synchronizes users and permissions every 20 minutes. Using AD group assignments, you can control who gets access, which roles are assigned, and which resources are available— without any manual configuration.

The complete SCIM API documentation for MazeMap Workplace is available here.

What this means for your IT setup

SCIM provisioning isn't just a matter of convenience—it's about security and operational reliability.

  • Smaller attack surface: Departing users are automatically deprovisioned, not weeks later

  • Audit-ready access control: Role assignments can be tracked at the AD group level

  • Reduced administrative burden: No manual import cycles, no ticket-based access requests

  • Compatible with existing infrastructure: Works directly within your Azure AD or Okta setup

For IT teams deploying workplace management software at an enterprise scale, SCIM support is often a requirement—not just a nice-to-have. This is also evident from the experience gained during the BASF implementation: SCIM integration was a decisive factor in the platform selection process because it enables automatic synchronization of user roles and permissions within a complex IT infrastructure.

Frequently asked questions

  • Yes. MazeMap Workplace implements the key features of the SCIM 2.0 standard: creating and deleting users, managing master data, and assigning roles and permissions.

  • Azure AD and Okta are the primary supported platforms. Any identity provider that supports SCIM 2.0 can be integrated via the MazeMap Workplace API.

  • By default, the Azure AD Provisioning Service synchronizes users and permissions every 20 minutes. The synchronization frequency can be adjusted as needed.

  • Yes. AD group assignments can be used to control application access, role assignments, and advanced permission scenarios—such as room booking —in MazeMap Workplace.

Are you
curious?

Contact us today using the form. We’ll get back to you shortly.

Or book a demo appointment directly :
We won’t show you a generic product demo.
Instead, we’ll analyze your situation and present you with specific solutions tailored to your setup.

Free & no obligation

Checkmark in a circle

Tailored specifically to your situation, rather than a standard demo

A checkmark inside a circle on a white background

Book a no-obligation demo today!

Lisa Pfützner

Workplace Strategist

Book a demo
Book a demo
A black telephone icon with orange sound waves.

Give us a call

+49 69-566086786

Call now
Call now
Three women are sitting at a table talking to a man who is standing. They are in a modern office with large windows overlooking the city.