Directory Sync (SCIM) lets you manage your Jamie workspace membership directly from your identity provider (IdP). When it’s enabled, Jamie automatically creates, updates, and deprovisions accounts as people join, change, or leave in your directory — and can assign each person the right workspace role.
Directory Sync is available on the Enterprise plan and is compatible with Microsoft Entra ID, Google Workspace, Okta, and any SCIM 2.0-compliant directory.
Set up Directory Sync
- Go to Settings → Security in Jamie
- Click Configure next to Directory Connection Settings
- Select your directory provider and follow the on-screen instructions to connect it
The setup wizard provides the endpoint URL and bearer token to enter in your IdP, with step-by-step instructions for each supported provider.
If you also use SSO, set up Single sign-on and domain verification first — they share the same Settings → Security page. How provisioning works
Once Directory Sync is connected, your IdP becomes the source of truth for who belongs to the workspace:
- New users in your directory are automatically added to the Jamie workspace (and a Jamie account is created if they don’t have one).
- Updates to a user’s name or status sync automatically.
- Removing or deactivating a user in your directory deprovisions them from the workspace and signs them out.
While Directory Sync is active, you manage membership from your IdP — manual invites in Jamie are disabled to keep the two in sync.
Assigning roles
Every provisioned user is a Member by default. To grant someone the Admin role, configure role assignment in your directory. There are two ways to do this.
Option 1 — Map a group to a role (recommended)
Works for Microsoft Entra ID, Google Workspace, and other SCIM directories.
- Create (or choose) a group in your IdP for your Jamie admins — for example, Jamie Admins.
- During Directory Sync setup, in the role-assignment step, map that group to the Admin role.
- Add your administrators to the group.
Anyone in the mapped group is provisioned and kept in sync as an Admin. Remove someone from the group and they return to Member on the next sync.
Option 2 — Use the jamie_role attribute
If you’d rather drive the role from a user attribute than a group, map the jamie_role attribute during setup and set it on each user.
jamie_role value | Resulting role |
|---|
admin | Admin |
member (or unset) | Member |
jamie_role are present, Admin from either source wins.
Your IdP’s own administrator status is not used to assign Jamie roles. For example, a Google Workspace “Super Admin” is not automatically a Jamie admin — Jamie only applies the group or jamie_role mapping you configure. If you configure neither, everyone is provisioned as a Member.
Role safeguards
- Member by default. An unrecognized or missing role always falls back to Member, so admin access is never granted by accident.
- Roles stay in sync. Changing a user’s group membership or
jamie_role promotes or demotes them automatically on the next sync.
- The last admin is protected. Directory Sync will never remove the last remaining admin from a workspace, so a misconfiguration can’t lock your team out.
Questions?
If you run into any issues during setup, reach out to your account manager. 
