Introducing SCIM provisioning in Grafana: Enterprise-grade user management made simple
We’re excited to share that SCIM provisioning is available in public preview for Grafana Enterprise and Grafana Cloud Advanced!
This powerful feature, introduced last week at GrafanaCON 2025 as part of the Grafana 12 release, transforms how organizations manage users and teams in Grafana, bringing automated user lifecycle management and enhanced security to your observability platform.
In this blog, we’ll look at why we added this feature and explain how you can use SCIM for more efficient team management in Grafana.
The challenges of manual user management in Grafana
Over the years we’ve heard a clear and consistent message from our users: getting people set up in Grafana is way too complicated.
Trying to navigate the maze of options like team sync—where you had to build each team manually before connecting it to your identity provider—or the more limited role sync, which didn’t handle teams, was a headache. And for those with self-hosted Grafana Enterprise, there were even more choices with org mapping. It was a confusing landscape with no single, straightforward way to manage the entire user lifecycle.
Beyond the initial setup, another pain point emerged loud and clear: updates to user access weren’t happening fast enough. Users had to log in before changes took effect, leaving security teams on edge about the delays in revoking access when someone left.
This sluggishness became even more problematic with the rapid adoption of new Grafana tools such as Grafana Cloud IRM. Grafana administrators suddenly needed to onboard entire teams quickly, ensuring they were ready for on-call duties and would receive push notifications from Day One. But relying on individual logins creates real risks. If someone misses the request or is out of office, it could mean delays in resolving critical incidents.
SCIM: a unified solution for user provisioning
SCIM (System for Cross-domain Identity Management) is an open standard that improves user provisioning experience in Grafana. It provides a unified, automated approach to managing users, teams, and access controls.
Real-world impact
Organizations are scaling rapidly, and efficient team management has become a critical requirement. Previously, IT teams would spend hours manually creating teams in Grafana, then wait for each team member to log in before their access would sync. With SCIM, this entire process happens automatically the moment you create the group in your identity provider. Team members get instant access to their dashboards and can start working immediately.
The impact is even more significant when managing employee departures. Previously, revoking access meant either manual intervention or waiting for the next sync cycle—creating a potential security risk. Now, when a user is deactivated in the identity provider, their Grafana access is automatically revoked. No delays, no security gaps, no manual intervention needed.
Day-to-day team management becomes seamless, too. Adding new members to teams or changing roles happens in real time. No more waiting for users to log in, no more manual synchronization. As group memberships are adjusted in the identity provider, SCIM automatically reflects these changes in Grafana, ensuring teams always have the right access at the right time.
Key features
SCIM is built for enterprise environments, with robust support for major identity providers. So far, we’ve thoroughly tested integrations with Azure AD and Okta, ensuring seamless operation in Grafana Enterprise and Grafana Cloud. SCIM brings several powerful capabilities to Grafana:
Automated user lifecycle management
- Instant user provisioning when added to your IdP
- Automatic deprovisioning when users leave
- Real-time synchronization of user attributes
- No manual intervention required
Dynamic team management
- Automatic team creation from IdP groups
- Real-time team membership updates
- No more manual team setup
- Seamless group-to-team mapping
Enhanced security
- Immediate access removal for departing users (user will be logged out of existing sessions)
- Reduced risk of access control misconfigurations
- Automated compliance through proper deprovisioning
For detailed technical information about how SCIM works in Grafana, including user identification, team provisioning, and role management, please refer to our comprehensive documentation.
Current state and future vision
While SCIM provisioning brings powerful automation to Grafana’s user management, there are still areas where we’re actively working to improve the experience. Here’s what’s coming:
Enhanced migration experience
- Automated migration tools for team sync to SCIM transitions
- Seamless conversion of JIT-provisioned users to SCIM-managed accounts
- Bulk migration utilities for existing teams and permissions
- Migration status monitoring and rollback capabilities
Unified role management
- Full role management through SCIM, replacing role sync
- Support for custom roles and fine-grained permissions
- Automated role assignment based on IdP attributes
Advanced monitoring and management
- Dedicated SCIM configuration UI in Grafana
- Real-time sync status monitoring
- Detailed audit logs for provisioning actions
- Health checks and troubleshooting tools
- Automated conflict resolution
Extended platform support
- Additional identity provider integrations
What’s next
We’re actively building out the next wave of SCIM features, and we’d love your feedback during this public preview. Here’s how you can get involved:
- Try it today: Head over to our SCIM documentation to get started with setup and configuration.
- Share your feedback: Let us know what’s working, what’s not, and what you’d like to see next by opening a GitHub issue or reaching out through your Grafana support contact.
- Join the conversation: If you’re a Grafana Cloud customer, reach out via your account team. For Grafana Enterprise, talk to your customer success manager or file feedback through your support portal.
Your input will help shape how we improve SCIM before it reaches general availability.
Grafana Cloud is the easiest way to get started with metrics, logs, traces, dashboards, and more. We have a generous forever-free tier and plans for every use case. Sign up for free now!
