November 20, 2025 - Automated User Provisioning (AUP)
Real-time identity synchronization from your IdP to CoreWeave IAM
Release SecurityOverview
Automated User Provisioning (AUP) enables real-time synchronization of user and group data from your Identity Provider (IdP) to CoreWeave IAM using SCIM (System for Cross-domain Identity Management). Changes to user permissions, additions, or removals made in your IdP are reflected immediately in the Cloud Console, eliminating the need for manual updates or waiting for SAML SSO login events.
While SAML SSO supports Just-In-Time (JIT) provisioning where accounts are created on first login, AUP goes further by syncing entire directories in real time. Users and groups appear automatically in the Cloud Console without needing individual invitations or first-time logins via SAML.
Features
SCIM-based identity federation
AUP uses the SCIM open standard to ensure efficient and accurate user management. CoreWeave implements one-way synchronization where your IdP is the source of truth, and data flows only from the IdP to the Cloud Console.
- Real-time sync: User changes in your IdP appear immediately in CoreWeave IAM
- Automatic provisioning and deprovisioning: No need for manual user invitations or account cleanup
- Group membership sync: Sync entire directories including group definitions and memberships
- Profile updates: Automatically sync first name, last name, active status, and custom attributes
Supported Identity Providers
AUP supports enterprise-grade identity providers:
- Okta: Full support for user provisioning, group push, and force sync
- Microsoft Entra: Complete integration with provisioning and attribute mapping
Use with SUNK user provisioning
Combine AUP with SUNK User Provisioning to create an end-to-end identity pipeline from your IdP to POSIX and Slurm identities in your SUNK clusters.
Learn more: