Coding agents: Add SCIM directory sync to your app

Use AI coding agents like Claude Code, GitHub Copilot CLI, Cursor, and OpenCode to add Scalekit’s Modular SCIM directory sync to your applications. This guide shows you how to configure these agents so they analyze your codebase, apply SCIM patterns, and generate production-ready code for user provisioning, deprovisioning, and lifecycle management that follows security best practices and reduces implementation time from hours to minutes.

Claude Code

1. Add the Scalekit Auth Stack marketplace

   Not yet on Claude Code? Follow the official quickstart guide to install it.

   Register Scalekit’s plugin marketplace to access pre-configured SCIM skills. This marketplace provides context-aware prompts and implementation guides that help coding agents generate correct directory sync code.

   Start the Claude Code REPL:

   Terminal

   claude

   Then add the marketplace:

   Claude REPL

   /plugin marketplace add scalekit-inc/claude-code-authstack

   When the marketplace registers successfully, you’ll see confirmation output:

   Terminal

   ❯ /plugin marketplace add scalekit-inc/claude-code-authstack
      ⎿  Successfully added marketplace: scalekit-auth-stack

   The marketplace provides specialized SCIM plugins that understand directory sync patterns and webhook security requirements. These plugins guide the coding agent to generate implementation code that matches your project structure.

   To remove the Scalekit Auth Stack marketplace, use the uninstall command:

   Claude REPL

   /plugin marketplace remove scalekit-auth-stack

2. Enable SCIM plugins

   Select which directory sync capabilities to activate in your development environment. Each plugin provides specific skills that the coding agent uses to generate SCIM webhook handling code.

   Directly install the specific plugin:

   Claude REPL

   /plugin install modular-scim@scalekit-auth-stack

   Alternative: Enable SCIM plugins via plugin wizard

   Run the plugin wizard to browse and enable available plugins:

   Claude REPL

   /plugins

   Navigate through the visual interface to enable the Modular SCIM plugin.

   Auto-update recommendations

   Enable auto-updates for SCIM plugins to receive security patches and improvements. Scalekit regularly updates plugins based on community feedback and security best practices.

3. Generate SCIM implementation

   Use a structured prompt to direct the coding agent. A well-formed prompt ensures the agent generates complete, production-ready SCIM code that includes all required security components.

   Copy the following prompt into your coding agent:

   SCIM implementation prompt

   Guide the coding agent to add Scalekit SCIM directory sync to my app — set up the webhook endpoint to receive SCIM events, validate the webhook signature, and handle user provisioning and deprovisioning events to create, update, and delete users in my database. Code only.

   When you submit this prompt, Claude Code loads the Modular SCIM skill from the marketplace -> analyzes your existing application structure -> generates a webhook endpoint to receive SCIM events from Scalekit -> implements webhook signature validation to prevent unauthorized requests -> creates handlers for user provisioning events (create and update) -> adds deprovisioning logic to delete or deactivate users in your database.

   Review generated code

   Always review AI-generated SCIM code before deployment. Verify that webhook signature validation, event handling logic, and database operations match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application’s specific needs.

4. Verify the implementation

   After the coding agent completes, verify that all SCIM components are properly configured:

   Check generated files:

   • Webhook endpoint that receives SCIM events from Scalekit (you may need to set up a .env file with your Scalekit webhook secret)
   • Webhook signature validation to authenticate incoming requests
   • User provisioning handler that creates or updates users in your database
   • Deprovisioning handler that deletes or deactivates users when they are removed from the identity provider

   The SCIM flow should receive webhook events from Scalekit when users are added, updated, or removed in the connected identity provider. Your application should validate each event’s signature, then apply the corresponding change to your user database.

When directory sync is active, user lifecycle changes in the identity provider propagate automatically to your application. Verify that provisioning events correctly create or update users, and that deprovisioning events properly remove or deactivate accounts.

GitHub Copilot CLI

1. Add the Scalekit authstack marketplace

   Need to install GitHub Copilot CLI? See the getting started guide — an active GitHub Copilot subscription is required.

   Register Scalekit’s plugin marketplace to access pre-configured SCIM plugins. This marketplace provides implementation skills that help GitHub Copilot generate correct directory sync code.

   Terminal

   copilot plugin marketplace add scalekit-inc/github-copilot-authstack

   The marketplace provides specialized plugins that understand directory sync patterns and webhook security requirements. These plugins guide GitHub Copilot to generate implementation code that matches your project structure.

   To remove the Scalekit authstack marketplace, use the remove command:

   Terminal

   copilot plugin marketplace remove github-copilot-authstack

2. Install the Modular SCIM plugin

   Install the Modular SCIM plugin to give GitHub Copilot the skills needed to generate SCIM webhook handling code:

   Terminal

   copilot plugin install modular-scim@scalekit-auth-stack

   Verify the plugin is installed

   Confirm the plugin installed successfully:

   Terminal

   copilot plugin list

   Keep plugins updated

   Update SCIM plugins regularly to receive security patches and improvements:

   Terminal

   copilot plugin update modular-scim@scalekit-auth-stack

3. Generate SCIM implementation

   Use a structured prompt to direct GitHub Copilot. A well-formed prompt ensures the agent generates complete, production-ready SCIM code that includes all required security components.

   Copy the following command into your terminal:

   Terminal

   copilot "Add Scalekit SCIM directory sync to my app — set up the webhook endpoint to receive SCIM events, validate the webhook signature, and handle user provisioning and deprovisioning events to create, update, and delete users in my database. Code only."

   GitHub Copilot uses the Modular SCIM plugin to analyze your existing application structure, generate a webhook endpoint to receive SCIM events from Scalekit, implement webhook signature validation to prevent unauthorized requests, create handlers for user provisioning events (create and update), and add deprovisioning logic to delete or deactivate users in your database.

   Review generated code

   Always review AI-generated SCIM code before deployment. Verify that webhook signature validation, event handling logic, and database operations match your security requirements. The coding agent provides a foundation, but you must ensure it aligns with your application’s specific needs.

4. Verify the implementation

   After GitHub Copilot completes, verify that all SCIM components are properly configured:

   Check generated files:

   • Webhook endpoint that receives SCIM events from Scalekit (you may need to set up a .env file with your Scalekit webhook secret)
   • Webhook signature validation to authenticate incoming requests
   • User provisioning handler that creates or updates users in your database
   • Deprovisioning handler that deletes or deactivates users when they are removed from the identity provider

   The SCIM flow should receive webhook events from Scalekit when users are added, updated, or removed in the connected identity provider. Your application should validate each event’s signature, then apply the corresponding change to your user database.

When directory sync is active, user lifecycle changes in the identity provider propagate automatically to your application. Verify that provisioning events correctly create or update users, and that deprovisioning events properly remove or deactivate accounts.

Cursor

Scalekit Auth Stack is under review on Cursor Marketplace

The Scalekit Auth Stack plugin is currently under review and not yet live on cursor.com/marketplace. Once approved, you’ll be able to install it directly with an “Add to Cursor” button — no additional setup needed.

Until then, you can access all Scalekit plugins inside Cursor by registering the marketplace through Claude Code. Cursor automatically surfaces Claude Code plugins under Settings > Plugins.

1. Register the Scalekit Auth Stack marketplace

   Cursor surfaces Claude Code plugins in Settings > Plugins. If you haven’t installed Claude Code yet, follow the Claude Code quickstart first.

   Open the Claude Code REPL:

   Terminal

   claude

   Then add the Scalekit marketplace:

   Claude REPL

   /plugin marketplace add scalekit-inc/claude-code-authstack

   When the marketplace registers successfully, you’ll see:

   Terminal

   ❯ /plugin marketplace add scalekit-inc/claude-code-authstack
      ⎿  Successfully added marketplace: scalekit-auth-stack

2. Open the plugin in Cursor

   Launch Cursor and go to Settings > Plugins. The Scalekit Auth Stack plugins appear here automatically — Cursor picks them up from Claude Code’s plugin registry.

   Select the authentication plugin you need (for example, Modular SSO, Full Stack Auth, or MCP Auth) and enable it.

3. Generate the implementation

   Open Cursor’s chat panel with Cmd+L (macOS) or Ctrl+L (Windows/Linux) and paste in an implementation prompt. Use the same prompt from the corresponding Claude Code tab — the Scalekit plugins and their authentication skills work identically in Cursor.

   Review generated code

   Always review AI-generated authentication code before deployment. Verify that environment variables, token validation logic, and error handling match your application’s security requirements.

4. Verify the implementation

   After Cursor finishes generating code, confirm all authentication components are in place:

   • Scalekit client initialized with your API credentials (set up a .env file with your Scalekit environment variables)
   • Authorization URL generation and callback handler
   • Session or token integration matching your application’s existing patterns

Once the Scalekit Auth Stack is live on cursor.com/marketplace, you can skip steps 1–2 entirely. A single click on the Add to Cursor button will install the plugin directly into Cursor, and it will appear immediately in Settings > Plugins.

Others

Support for additional coding agents is coming soon:

• OpenCode
• Windsurf
• Gemini CLI
• Amazon Q Developer

Join the Slack community to share feedback and get notified when support for your agent launches.

In the meantime, use the Claude Code tab — the implementation prompts work with any coding agent that supports custom instructions.

Beta program feedback

Scalekit’s Auth Stack marketplace is in public beta. Join the Slack community to share feedback and connect with other developers. Cursor is supported via the Claude Code plugin path. Support for OpenCode and other agents is coming soon.