Skip to main content

SCIM with haimaker

Enterprise: SCIM support requires a premium license.

Enables identity providers (Okta, Azure AD, OneLogin, etc.) to automate user and team (group) provisioning, updates, and deprovisioning on haimaker.

This tutorial will walk you through the steps to connect your IDP to haimaker SCIM Endpoints.

Supported SSO Providers for SCIM

Below is a list of supported SSO providers for connecting to haimaker SCIM Endpoints.

  • Microsoft Entra ID (Azure AD)
  • Okta
  • Google Workspace
  • OneLogin
  • Keycloak
  • Auth0

1. Get your SCIM Tenant URL and Bearer Token

On haimaker, navigate to the Settings > Admin Settings > SCIM. On this page you will create a SCIM Token, this allows your IDP to authenticate to litellm /scim endpoints.

2. Connect your IDP to haimaker SCIM Endpoints

On your IDP provider, navigate to your SSO application and select Provisioning > New provisioning configuration.

On this page, paste in your litellm scim tenant url and bearer token.

Once this is pasted in, click on Test Connection to ensure your IDP can authenticate to the haimaker SCIM endpoints.

3. Test SCIM Connection

3.1 Assign the group to your haimaker Enterprise App

On your IDP Portal, navigate to Enterprise Applications > Select your litellm app



Once you've selected your litellm app, click on Users and Groups > Add user/group


Now select the group you created in step 1.1. And add it to the haimaker Enterprise App. At this point we have added Production LLM Evals Group to the haimaker Enterprise App. The next step is having haimaker automatically create the Production LLM Evals Group on the haimaker DB when a new user signs in.

3.2 Sign in to haimaker UI via SSO

Sign into the haimaker UI via SSO. You should be redirected to the Entra ID SSO page. This SSO sign in flow will trigger haimaker to fetch the latest Groups and Members from Azure Entra ID.

3.3 Check the new team on haimaker UI

On the haimaker UI, Navigate to Teams, You should see the new team Production LLM Evals Group auto-created on haimaker.

Note: When a user is removed from your organization via SCIM, all API keys and access tokens associated with that user will be automatically deleted from LiteLLM. This ensures that removed users lose all access immediately and securely.