--- title: Notion SCIM API Integration on Truto slug: notionscim category: User Directory canonical: "https://truto.one/integrations/detail/notionscim/" --- # Notion SCIM API Integration on Truto **Category:** User Directory **Status:** Beta ## Unified APIs ### Unified User Directory API - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Notion SCIM account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Notion SCIM.** The Proxy API is a 1-to-1 mapping of the Notion SCIM API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate employee provisioning and deprovisioning in Notion** — HR and IT automation platforms can sync user lifecycle events directly to Notion's SCIM API, ensuring new hires get instant workspace access on Day 1 and terminated employees are immediately locked out — with active sessions killed on the spot. - **Detect orphaned Notion licenses and shadow accounts** — SaaS management platforms can pull the full list of active Notion users via SCIM and reconcile it against a company's master directory, surfacing costly orphaned Enterprise licenses and users who were manually invited outside of IT governance. - **Power quarterly User Access Reviews for SOC 2 compliance** — Access governance tools can read Notion users and group memberships through SCIM, present them to managers for review, and instantly deactivate accounts that fail the audit — closing the loop between detection and remediation. - **Trigger instant Notion lockdown from security playbooks** — Zero-trust and security orchestration platforms can revoke Notion access in seconds when a compromised endpoint or anomalous behavior is detected, leveraging SCIM's ability to terminate all active sessions upon deactivation. - **Map organizational groups to Notion Teamspaces automatically** — Identity and IT workflow platforms can use SCIM group management to ensure department-level groups stay in sync with Notion, so employees automatically see the right Teamspaces without manual configuration. ## What you can build - **One-click Day 1 Notion provisioning** — Provision new hires into Notion with correct name, title, and group assignments the moment an onboarding workflow is triggered, bypassing email invites entirely. - **Real-time session-killing offboarding** — Deactivate a departing employee's Notion account and immediately terminate all their active web and mobile sessions as part of an automated offboarding flow. - **Notion license reconciliation dashboard** — Pull all active Notion users on a recurring schedule and compare against your platform's directory to surface orphaned accounts, out-of-band invites, and wasted Enterprise seat spend. - **Group-to-Teamspace sync engine** — Automatically create, update, and remove Notion SCIM groups that map to organizational units, ensuring Teamspace access stays aligned with department changes. - **Compliance-ready access review workflows** — Generate a reviewable snapshot of every Notion user and their group memberships for quarterly User Access Reviews, with one-click revocation that executes via SCIM. - **Cross-app emergency access lockdown** — Include Notion in a multi-app deactivation playbook that revokes user access across all connected SaaS tools in a single orchestrated action. ## FAQs ### Which Notion plans support SCIM provisioning? Notion SCIM is exclusively available on the Enterprise Plan. Workspaces on Free, Plus, or Business plans cannot use the SCIM API. ### How does authentication work for Notion's SCIM API? Notion SCIM uses a bearer token (SCIM API token) generated by a Workspace Owner in Notion's Enterprise settings. This token is passed in the Authorization header for all SCIM requests. ### What happens when a user is deactivated via SCIM? Setting a user's 'active' attribute to false removes them from the workspace and immediately terminates all active web and mobile sessions, preventing any further access to workspace data. ### Can I provision users without sending email invites? Yes. Creating a user via the SCIM POST /Users endpoint adds them directly to the workspace without generating an email invite link, which is ideal for organizations that disable invite-based onboarding for security reasons. ### What user attributes can be managed through Notion SCIM? You can manage standard SCIM attributes including givenName, familyName, email, title, and active status. Profile photos can be set on initial creation but are currently ignored on subsequent update requests. ### Is the Notion SCIM integration available as a pre-built Truto connector? Notion SCIM is available through Truto's Unified User Directory API. The integration is built on request — contact Truto to get it enabled for your account, and you can start reading and managing Notion users through the unified Users API.