SCIM-provisioned users and groups should be assignable to Organizations on provisioning (default or configurable)

Feature: Users and groups provisioned via SCIM can be automatically assigned to the intended Organization

Description: We are using Auth0 Organizations with enterprise connections, and we have a gap that affects SCIM-based onboarding. SCIM is meant to provision users and groups ahead of first login, so downstream systems can work with a complete identity dataset immediately. Today, SCIM can create users in the tenant, but those users are not organization members unless they later log in (or are assigned through separate API flows). This breaks the expected “pre-provisioned and ready” model.

Please add native support so that users provisioned via SCIM can be automatically assigned to the intended Organization, either:

  • As a default platform behavior, or
  • As a tenant/connection/organization-level configuration toggle (recommended).
    Suggested behavior:

On SCIM user creation, assign the user to the mapped Organization automatically.
Keep this optional/configurable for backward compatibility.
Ensure this works without requiring first login or custom post-processing pipelines.
Business impact:
This would significantly reduce implementation complexity, remove brittle custom automation, and better align Auth0 Organizations with enterprise SCIM provisioning expectations.

Use-case:

  • SCIM’s core value is pre-creation of users and groups before first login.
  • Customers provision users/groups on their own timeline, and we do not control when (or if) users first authenticate.
  • Post User Registration Actions are not a viable fix for SCIM users, since that trigger is for Database/Passwordless sign-ups and does not run for SCIM-provisioned users.
  • We are forced into complex workarounds (event stream + custom handler + Management API assignment) just to achieve deterministic organization membership.

Hi @MIvanenko

Welcome to the Auth0 Community!

Thank you for submitting this feedback card, remember to upvote it in order to bring more attention to the requested feature!

Otherwise, there is a backlog item addressing SCIM provisioning in order to offer more control over group management, however, it does not have an ETA associated with it at this time.

Kind Regards,
Nik