If your organization uses SCIM-based provisioning, groups from your Identity Provider (IdP) are automatically synced to Enpass. When you assign a group to the Enpass application in your IdP, it is created in the Enpass Admin Console along with its members — no manual group creation needed.
Prerequisites
SCIM provisioning must be configured before groups can be synced from your IdP. See:
How Group Sync Works
Once SCIM provisioning is configured, your IdP manages the group lifecycle in Enpass:
- Creating a group — Assigning a group to the Enpass application in your IdP creates the corresponding group in Enpass.
- Adding members — Adding a user to a provisioned group in your IdP adds them to the corresponding group in Enpass.
- Removing members — Removing a user from a provisioned group in your IdP removes them from the group in Enpass.
Groups synced from an IdP are tagged with a SCIM label in the Groups list of the Admin Console.
Note: SCIM-synced groups cannot be renamed or deleted from the Enpass Admin Console. All group management must be done in your IdP and will sync to Enpass automatically. Manual changes to membership in the Admin Console may be overwritten on the next sync.
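The lifecycle operations above correspond to standard SCIM 2.0 (RFC 7643/7644) requests sent by the IdP. The following is an added example, not Enpass code: a minimal in-memory receiver that applies a group create and membership PatchOp messages. The store, the ids, the function names and the sample messages are constructed for illustration.

```python
import re

GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
MEMBER_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$')


def create_group(store, body):
    """POST /Groups: sent when a group is assigned to the application in the IdP."""
    if GROUP_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM Group resource")
    gid = f"grp-{len(store) + 1}"  # constructed id; a real service picks its own
    store[gid] = {"displayName": body["displayName"],
                  "members": {m["value"] for m in body.get("members", [])}}
    return gid


def patch_group(store, gid, body):
    """PATCH /Groups/{id}: apply membership changes, return the sorted member ids."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    members = store[gid]["members"]
    for op in body["Operations"]:
        kind = op["op"].lower()  # op names accepted case-insensitively here
        path = op.get("path", "")
        value = op.get("value")
        ids = {m["value"] for m in value} if isinstance(value, list) else set()
        selected = MEMBER_FILTER.match(path)
        if kind == "add" and path == "members":
            members |= ids
        elif kind == "remove" and selected:
            members.discard(selected.group(1))
        elif kind == "remove" and path == "members":
            # Some IdPs list the ids in "value"; with no value, all members go.
            members -= ids if ids else set(members)
        elif kind == "replace" and path == "members":
            # A replace carries the full list; ids absent from it are dropped.
            members.clear()
            members |= ids
        else:
            raise ValueError(f"unsupported operation: {op['op']} {path!r}")
    return sorted(members)


def lifecycle_demo():
    """Constructed messages for the three lifecycle steps; returns final members."""
    store = {}
    gid = create_group(store, {"schemas": [GROUP_SCHEMA], "displayName": "IT Admins"})
    patch_group(store, gid, {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "add", "path": "members", "value": [{"value": "u1"}, {"value": "u2"}]}]})
    return patch_group(store, gid, {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "remove", "path": 'members[value eq "u1"]'}]})
```

The `replace` branch shows one way a locally edited membership list can be overwritten: the message carries the IdP's complete list, so anything added outside the IdP is not in it.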
Applying Policies to Synced Groups
Synced groups can be used to apply targeted policy overrides to specific sets of users. For example, sync your IT Admins group from Entra ID and apply a stricter Enpass security policy to that group exclusively.
See Managing Group Policies to learn how to assign and override policies at the group level.