localskills.sh implements the SCIM 2.0 protocol for automated user lifecycle management. It works with Okta, Azure AD, OneLogin, and any other SCIM 2.0–compliant identity provider.

Configuring SCIM requires the team owner role.

SCIM base URL

https://localskills.sh/api/tenants/{tenantId}/scim/v2

Generate a SCIM Bearer token from your team's SSO & SCIM settings page. Tokens use the scim_ prefix and are displayed only once at creation time.

You can set an optional expiry period in days. Configure the token as Bearer authentication in your identity provider's SCIM integration.

Your identity provider pushes create, update, and delete events to the SCIM endpoint. New users are assigned the member role by default. Deactivated users are automatically removed from the team.

Supported SCIM attributes:

• userName — email address
• name.formatted — display name
• externalId — IdP identifier
• active — account status

Your identity provider can push SCIM groups to localskills.sh. Groups are mapped to team roles, and a user's effective role is recalculated whenever group membership changes.

Map SCIM groups to one of the available roles: admin, member, or viewonly. The owner role cannot be assigned via group mapping.

When a user belongs to multiple groups, the highest-privilege role wins. Manage group mappings from your team dashboard under Group Mappings.