Question

SSO and SCIM Provisioning with different mail and user principal name


Hello,
I am trying to figure out how I need to configure SCIM Provisioning in Microsoft Entra in case the user principal name (upn) is not the same as the “mail” attribute.

Our company has multiple top-level domains. In this case the global domain, used as the user principal name, is always example**.com**. The user attribute “mail” is based on the top-level domain of the user's location, like example**.de** or example**.com**.

After configuring SCIM provisioning for my users, they are shown in the UI, but after logging in with their mail or upn, the SCIM provisioning state of the user is stuck at “pending scim”. The shown mail address is the upn domain example**.com**.

I followed these instructions to set up SCIM provisioning:

Figma Learn - Help Center

6 replies

  • Figmate
  • 1827 replies
  • January 16, 2024

Hi there, thanks for reaching out, and I appreciate you explaining the details!
Usually, “Pending SCIM” appears next to users who have been provisioned via SCIM but haven’t logged into their accounts yet. Once a user logs into their account in Figma, “Pending SCIM” disappears.

If you still see “Pending SCIM” after the user logs into their account in Figma, I suggest reaching out to our support team directly from here: https://help.figma.com/hc/en-us/requests/new so that they can take a closer look!

Thanks,


Hello @Junko3,
yes, it still shows “Pending SCIM” after logging in.
I will reach out to support.


  • Figmate
  • 1827 replies
  • January 17, 2024

Hello Kockmeyer_Florian, thanks for replying! I confirmed that we received your ticket in our backend (ticket#: 896216) and our support team is currently working on it. I appreciate your patience in the meantime!


  • Figmate
  • 1827 replies
  • March 22, 2024

Lundqvist_Niklas

Hi, we are experiencing the same problem. Is this still on the backlog, or is there some solution or workaround for this?


Tyler Lee
  • New Member
  • 1 reply
  • March 26, 2025

We are also experiencing this issue. A quick rundown of the specifics on our end:

  • Existing Figma user was erroneously deactivated in our Active Directory and Okta system, hence removing them automatically from Figma, as our instance is configured to automatically run SCIM rules with its Okta SSO integration
  • User was reactivated in AD and Okta and access restored to most other third-party apps connected to Okta
  • New invite was sent to user from Figma
  • User received invite, followed link and attempted to log in but gets error message stating: “status: 422, message: ‘User xxx.xxx@xxx.com cannot join the org - they are not provisioned”...
