SCIM or the System for Cross-domain Identity Management specification is a standard protocol to manage accounts across multiple services: add teammates, change their properties, such as name, or disable accounts to revoke access. Integrating Intercom with your identity provider makes managing teammates simple and secure.


  • Before setting up SCIM, SAML SSO should be set up in your workspace.

  • Intercom's provisioning capability is built using version 2.0 of the SCIM protocol.

  • SCIM is only available with certain Intercom plans. See our plans and pricing.

Setting up SCIM provisioning

To enable SCIM, go to Settings > Security and make sure 'Require SAML SSO' is selected. Then toggle on 'SCIM Provisioning':

A token will be available after you save the security settings.

Add a base URL and token to configuration of Intercom app in your Identity provider.

Configuring provisioning settings

Default teammate permissions

When your new teammate is created by your identity provider, Intercom gives them a default set of permissions that you can set up in Security Settings:

Click 'Edit' and toggle on the permissions for the new teammate:

Deprovisioning teammates

When teammates are deprovisioned by your identity provider, Intercom reassigns all conversations, Articles, Outbound messages and contacts to another admin. You can choose who should get the ownership of each type of data in your workspace. If you choose the 'Default' option, Intercom will assign items to the first teammate in the workspace, but they can be reassigned later.

You can also choose admins that should be excluded from deprovisioning. This could help your IT Team to keep access to your Intercom workspace in case of misconfiguration or an emergency.

What's next

Did this answer your question?