--- title: Figma SCIM API Integration on Truto slug: figmascim category: Default canonical: "https://truto.one/integrations/detail/figmascim/" --- # Figma SCIM API Integration on Truto **Category:** Default **Status:** Beta ## Unified APIs ### Unified User Directory API - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Figma SCIM account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Figma SCIM.** The Proxy API is a 1-to-1 mapping of the Figma SCIM API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate Figma license cost optimization** — SaaS companies building SaaS management or FinOps platforms can pull Figma's user directory via SCIM and cross-reference activity data to automatically downgrade inactive Editor seats to Viewer, saving enterprise customers thousands in unused licenses. - **Enforce just-in-time access provisioning for Figma** — Identity governance platforms can offer time-bound Figma seat provisioning — granting Dev Mode or Editor access on demand and automatically revoking it after a defined period — eliminating permanent license waste. - **Continuous compliance monitoring for offboarded employees** — Compliance and audit platforms can ingest the Figma user directory daily, compare it against HRIS termination lists, and flag or auto-remediate orphaned accounts that still have active access to proprietary design assets. - **Centralized user directory sync across SaaS apps** — IT management platforms can treat Figma SCIM as one node in a broader user directory sync, ensuring employee profiles, group memberships, and entitlements stay consistent across dozens of enterprise applications from a single pane of glass. - **Shadow IT and orphaned account detection** — Security platforms can surface Figma accounts that exist outside of sanctioned provisioning workflows by comparing SCIM directory data against the organization's identity provider, catching rogue or forgotten accounts before auditors do. ## What you can build - **Automated seat harvesting dashboard** — Build a view that identifies inactive Figma Editor seats and lets admins bulk-downgrade them to Viewer with a single click using SCIM user updates. - **Real-time offboarding deprovisioning workflow** — Trigger automatic Figma account deactivation the moment an employee is marked as terminated in an upstream HRIS or identity provider. - **Time-bound Dev Mode access grants** — Ship a self-service request flow where developers get temporary Figma Dev Mode access that auto-expires after a configurable number of days. - **Figma-to-HRIS user reconciliation report** — Generate a compliance-ready report that highlights mismatches between active Figma users and the canonical employee directory, flagging orphaned or unauthorized accounts. - **Group-based workspace provisioning** — Allow IT admins to map organizational teams to Figma Groups so that new hires are automatically placed into the correct design workspaces on day one. - **Entitlement audit trail** — Log every SCIM-driven permission change — Editor grants, Viewer downgrades, Dev Mode toggles — into an immutable audit log for SOC 2 and ISO 27001 evidence collection. ## FAQs ### How does authentication work for Figma SCIM? Figma SCIM uses a dedicated SCIM API Token generated in the Figma Admin Settings under 'Login and provisioning.' Your end users also need to provide their Tenant ID, which is derived from their SAML SSO configuration. This is separate from Figma's standard REST API authentication. ### Which Figma plans support SCIM? Full SCIM provisioning and seat management is only available on Figma's Enterprise Plan (approximately $90/user/month). Organizations on lower tiers cannot generate SCIM tokens or use these endpoints. ### What user attributes can be managed through Figma SCIM? You can perform standard CRUD operations on user profiles (create, read, update, deactivate). Figma's SCIM schema also exposes entitlement-specific attributes like figmaPermission, figjamPermission, and devModePermission, allowing programmatic seat management. However, Admin privileges cannot be granted via SCIM — those must be set manually. ### Does Truto have pre-built Unified API support for Figma SCIM? Figma SCIM is mapped to Truto's Unified User Directory API for the Users resource. Additional tools and resources can be built on request to cover specific workflows your product requires. ### Can I manage Figma Groups through SCIM? Yes, Figma SCIM supports Group endpoints, allowing you to add or remove users from Groups programmatically. This is useful for controlling which workspaces and projects users can access based on team membership. ### What happens when a user is deactivated via SCIM? Setting a user's 'active' attribute to false performs a soft delete — the user loses access to the Figma organization and their seat is freed up, but their account and associated data are not permanently destroyed. This is the standard approach for offboarding workflows.