--- title: "User Provisioning integration with a generic Identity Provider" slug: "integrate-generic-identity-provider-to-user-provisioning" description: "Configure employee access to DocuWare with SCIM provisioning. Automate user creation, attribute sync, and group management for seamless integration." updated: 2026-04-22T14:20:28Z published: 2026-04-22T14:20:28Z canonical: "knowledgecenter.docuware.com/integrate-generic-identity-provider-to-user-provisioning" --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledgecenter.docuware.com/llms.txt > Use this file to discover all available pages before exploring further. # How to integrate generic identity provider to user provisioning If your organization uses an identity provider that supports provisioning via SCIM****protocol and you want to manage employee access to tools and services, you can use that feature to automatically provide your users with access to DocuWare. This guide will walk you through the steps to configure DocuWare and give you directions to set up provisioning for your organization. Docuware supports the following user provisioning features: - Automatic user creation: Users provisioned to DocuWare are automatically created. - Attribute synchronization: Updates to user attributes (such as userName, email, and active status) in the identity provider are reflected in DocuWare. - User deactivation: When users are deactivated in the identity provider, they are marked as disabled in DocuWare and can no longer log in. - Automatic group creation: Groups provisioned to DocuWare are automatically created, and users are assigned if they exist in DocuWare. - Group synchronization: Changes to provisioned groups in the identity provider are synchronized with DocuWare. ## Configuring DocuWare 1. Go to**DocuWare Configuration** and choose **general** > **User Provisioning.** 2. In the **User Provisioning** plugin, activate the option **Enable User Provisioning**. 3. In the dropdown **Identity Provider**select **Generic Identity Provider.** 4. In the dropdown **Application Registration** select previously created app registration or click **Create Application Registration** button: ![](https://cdn.document360.io/0108e24e-b3e8-446c-b670-66b1d2a9e861/Images/Documentation/image(677).png) 5. Write the **Application Name:** ![](https://cdn.document360.io/0108e24e-b3e8-446c-b670-66b1d2a9e861/Images/Documentation/image(678).png) 1. From the just created app registration copy the values of - **Application (Client) ID** - **Client secret** ![](https://cdn.document360.io/0108e24e-b3e8-446c-b670-66b1d2a9e861/Images/Documentation/image(679).png) 1. Click the **Done**button. 2. Add an identifier for your generic identity provider ![](https://cdn.document360.io/0108e24e-b3e8-446c-b670-66b1d2a9e861/Images/Documentation/image(680).png) 1. In order to access DocuWare’s provisioning API copy: 1. Tenant URL 2. Token Endpoint ![](https://cdn.document360.io/0108e24e-b3e8-446c-b670-66b1d2a9e861/Images/Documentation/image(681).png) 1. Click the **Save** button. ## Configuring your Generic Identity Provider To configure your generic identity provider for SCIM provisioning with DocuWare, ensure that user and group provisioning are set up carefully with the correct attribute mappings in accordance with the SCIM standard. Proper configuration and minimal mapping are essential to ensure reliable synchronization and to prevent provisioning errors. In order to avoid configuration issues we also recommend reviewing the detailed documentation on how DocuWare’s user and group provisioning operates, available here: [How to: User Provisioning API Integration Guide](/help/docs/user-provisioning-api-intgration-guide). > [!NOTE] > **Information: Using a Generic Identity Provider** > > Unlike configuring predefined identity providers in DocuWare, selecting the **Generic Identity Provider** option gives you full control over attribute mappings. > > This means that the value mapped to the **userName** attribute is used exactly as provided by your identity provider, without automatic modification or normalization. For example, if you map an email address to the userName field, the full email (e.g., user@example.com) will be preserved and **will not be shortened or trimmed** to just the prefix (e.g., user). > > This flexibility allows organizations to align provisioning behavior with their internal identity standards and avoid unintended transformations that may occur with predefined provider configurations. ## Aligning user mapping between provisioning and SSO When using both - **User Provisioning**and **SSO**(Single Sign-on)****with DocuWare, it is essential to ensure consistency between SCIM provisioning and SSO authentication . To allow both **User Provisioning** and **SSO** to work seamlessly together, map the **same value** to both the **userName** and **email** attributes in your identity provider. This is important because: - During **SCIM provisioning**, users are created and identified in DocuWare based on the mapped attributes (such as userName and email). - During **SSO login**, DocuWare matches incoming user claims (typically from the SAML or OIDC token) against existing users. - If the values differ between provisioning and SSO DocuWare may not correctly match the authenticated user to the provisioned account, therefore the login attempt might not work. Here is recommended approach on how to map userName and email attributes: - Map **userName → name, email value** (e.g., username, username@example.com) - Map **email → email value** (e.g., email@example.com) (could be same as userName) - Ensure the **SSO claim**for **username**and **email**also sends the same values By keeping these values identical across provisioning and authentication: - Users created via SCIM will match the identities received during SSO login - Duplicate users and login issues are avoided - User lifecycle management remains consistent and predictable This approach ensures that both provisioning and authentication mechanisms in DocuWare rely on the same unique identifier, enabling reliable user mapping across systems. ## Supported versions: DocuWare Cloud