JumpCloud SCIM Integration
System of cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization.
SCIM Integrations are available for Enterprise organizations. Teams organizations, or customers not using a SCIM-compatible identity provider, may consider using Directory Connector as an alternative means of provisioning.
This article will help you configure a SCIM integration with JumpCloud. Configuration involves working simultaneously with the Bitwarden web vault and JumpCloud Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.
Are you self-hosting Bitwarden? If so, complete these steps to enable SCIM for your server before proceeding.
To start your SCIM integration, open your organization's Manage → SCIM Provisioning page:
Select the Enable SCIM checkbox and take note of your SCIM URL and SCIM API Key. You will need to use both values in a later step.
Create a JumpCloud app
If you are already using this IdP for login with SSO, open that existing application and skip to this step. Otherwise, proceed with this section to create a new application.
In the JumpCloud Portal, select SSO from the menu and select the Add icon:
Bitwarden in the search box and select the configure button:
In the General Info tab, give the application a Bitwarden-specific name.
If you plan on using JumpCloud for single sign-on, select the SSO tab and setup SSO with these instructions. When you are done, or if you are skipping SSO for now, select the activate button and complete the confirmation modal.
Re-open the application and navigate to the Identity Management tab. On this screen, configure the following information:
|API Type||Select SCIM API.|
|SCIM Version||Select SCIM 2.0.|
|Base URL||Enter the SCIM URL (learn more).|
|Token Key||Enter the SCIM API Key (learn more).|
|Test User Email||Enter an email address that JumpCloud can use to test the integration.|
Once you have configured these fields, select the Test Connection button. Once the test comes back successfully, select Activate.
Before leaving this page, toggle on the Enable management of User Groups and Group Membership in this application option and select Save.
In the User Groups tab, select the Groups you would like to provision in Bitwarden. Once you select the Save button, provisioning according to this specification will begin immediately.
Finish User Onboarding
The Invite → Accept → Confirm workflow facilitates the decryption key handshake that allows users to securely access organization vault data.