diff --git a/macros/audit-trail/iam-endpoints.mdx b/macros/audit-trail/iam-endpoints.mdx index f52d6b8352..505d183fa4 100644 --- a/macros/audit-trail/iam-endpoints.mdx +++ b/macros/audit-trail/iam-endpoints.mdx @@ -40,4 +40,6 @@ macro: adt-iam-endpoints - DeletePolicy (`DELETE /iam/v1alpha1/policies/{policy_id}`) - ClonePolicy (`POST /iam/v1alpha1/policies/{policy_id}/clone`) - SetRules (`PUT /iam/v1alpha1/rules`) + + If SCIM is enabled in your Organization, all calls performed by the Identity Provider will also appear on Audit Trail, using the same APIs as regular actions. \ No newline at end of file diff --git a/pages/iam/how-to/manage-users-with-scim.mdx b/pages/iam/how-to/manage-users-with-scim.mdx new file mode 100644 index 0000000000..3bfb3f33e6 --- /dev/null +++ b/pages/iam/how-to/manage-users-with-scim.mdx 
@@ -0,0 +1,88 @@ +--- +title: How to manage users with SCIM +description: Learn how to automatically provision and edit users from your Identity Provider using SCIM +dates: + validation: 2026-02-05 + posted: 2026-02-05 +--- +import Requirements from '@macros/iam/requirements.mdx' + +**S**ystem for **C**ross-domain **I**dentity **M**anagement (SCIM) is a standard protocol for exchanging user identity and authorization data between an Identity Provider (IdP) and a Service Provider. + +Combined with [SAML](/iam/how-to/set-up-identity-federation), it allows IAM managers to fully manage user authentication, lifecycle, and personal data through their Identity Provider: +- SAML is used for members to log in by authenticating on their Identity Provider with the IdP-defined authentication policies +- SCIM is used to automatically create, update, lock, unlock, and delete Scaleway users based on actions performed on the user directory of the Identity Provider + + + This feature is in the **Early Access** phase and is only available to some Organizations. + + + + Only SCIM user-related actions are currently supported by Scaleway. Group auto-provisioning is planned for availability in the coming months. + + + + +- A Scaleway account logged into the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization + +## How to enable SCIM + +1. Click the **Settings** button in the upper-right corner of the Organization Dashboard. The [Organization Settings](https://console.scaleway.com/settings) page displays. + Alternatively, click the avatar icon in the upper-right corner of the header navigation, then select **Settings** on the drop-down menu. +2. Click **Automatic user provisioning (SCIM)**, under **Organization security**, on the left navigation menu. The SCIM section displays. +3. Click the **Enable** button. 
A pop-up displays, informing you that a token creation is required to enable SCIM. +4. Click the **Enable SCIM and create token** button. SCIM is now enabled for the Organization, and two fields are displayed and must be copied: +- A **SCIM token**, which is used by the Identity Provider to authenticate to Scaleway and perform the necessary actions. This token is **sensitive** and should not be shared with anyone. +- A **base URL**, which is used by the Identity Provider to locate the Scaleway account to which connect. + + + Both the SCIM token and the base URL are important pieces of information that are only displayed once. Copy and safely store them before closing the pop-up. **You will need them to set up SCIM with your Identity Provider.** + + +5. Click **Close**. + The configuration is complete on the Scaleway side, but you now need to carry out the SCIM setup on your Identity provider. + + + To ensure the correct SCIM configuration, you can perform actions such as changing a name or creating a user directly on your Identity Provider. You should then see: + - The impacts reflected on your Scaleway [users](https://console.scaleway.com/iam/users) + - The update events listed in the Paris region of your [Audit Trail dashboard](https://console.scaleway.com/audit-trail/fr-par/events) + + + + By default, SCIM manages users only if their usernames match between the Identity Provider and Scaleway. The federation **compares users from both sources**, and users not found in the Identity Provider are not impacted by SCIM configuration. + If you wish to manage not-found users via SCIM, you must re-create them on the Identity Provider or change settings on the Identity Provider side. + + +Depending on the provider, changes might take from a few seconds to up to 30 minutes to be synchronized. This delay cannot be modified by Scaleway. + +## How to rotate a SCIM token + +You can have up to two active SCIM tokens at a time. To create a second token: + +1. 
Click the **Settings** button in the upper-right corner of the Organization Dashboard. The [Organization Settings](https://console.scaleway.com/settings) page displays. +2. Click **Automatic user provisioning (SCIM)**, under **Organization security**, on the left navigation menu. The SCIM section displays. +3. Click **Generate token**. A pop-up displays. +4. Follow the same steps for [first enabling SCIM](/iam/how-to/manage-users-with-scim/#how-to-enable-scim). + + + Ensure to replace the previous SCIM token with the new one on your Identity Provider. + + +5. Check if the SCIM configuration is still working. + + Optionally, you can delete the previous token if no longer necessary. + + + SCIM tokens have a time-to-live of 1 year. When a token expires, it can no longer be used to provision users, and a new token must be created to keep SCIM synchronization working. + + +## How to disable SCIM + +1. Click the **Settings** button in the upper-right corner of the Organization Dashboard. The [Organization Settings](https://console.scaleway.com/settings) page displays. +2. Click **Automatic user provisioning (SCIM)**, under **Organization security**, on the left navigation menu. The SCIM section displays. +3. Click the **Disable** button. +4. Type **Disable** to confirm. + + If SCIM is disabled on Scaleway, your Identity Provider will no longer be able to perform any actions on users, even if the configuration is correctly done on this side. + diff --git a/pages/iam/menu.ts b/pages/iam/menu.ts index 23feb647c2..60f5920ca8 100644 --- a/pages/iam/menu.ts +++ b/pages/iam/menu.ts @@ -50,7 +50,11 @@ export const iamMenu = { label: 'Set up SSO with Authentik', slug: 'set-up-sso-with-authentik' }, - { + { + label: 'Set up automatic user provisioning with SCIM', + slug: 'manage-users-with-scim' + }, + { label: 'Set and manage credential maximum duration', slug: 'set-credentials-maximum-duration' },
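Review bot: In the `macros/audit-trail/iam-endpoints.mdx` hunk, the new sentence is added without a trailing newline (`\ No newline at end of file`) and is indented under the last list item, so it may render as a continuation of the `SetRules` bullet rather than as its own paragraph; dedent it and end the file with a newline. The sentence would also be more useful to operators if it said how IdP-originated events are attributed in Audit Trail (which principal or token the events are recorded under), since the stated point is that they use "the same APIs as regular actions" and defenders need a way to tell automated provisioning apart from human changes; if that detail is not settled yet, "on Audit Trail" should at least read "in Audit Trail".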
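Review bot: In the new `pages/iam/how-to/manage-users-with-scim.mdx`, the rotation procedure is incomplete: step 5 says "Optionally, you can delete the previous token if no longer necessary" but the page never documents where or how a token is deleted or revoked, nor where its expiry date is visible even though the note states a 1-year time-to-live; add a short step or sub-section covering both, since revoking the old token after the IdP is confirmed working on the new one is the point of the rotation. A few wording fixes in the same file: "the Scaleway account to which connect" should read "the Scaleway account to connect to", "Ensure to replace the previous SCIM token" should read "Make sure to replace the previous SCIM token", and "even if the configuration is correctly done on this side" should read "on that side"; "Identity provider" in step 5 of the enable section should be capitalized consistently with "Identity Provider" elsewhere.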
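Review bot: In the `pages/iam/menu.ts` hunk, the menu label `'Set up automatic user provisioning with SCIM'` does not match the new page's title `How to manage users with SCIM` and slug `manage-users-with-scim`; align the label with the title (or vice versa) so the navigation entry and the page heading agree. The hunk also removes and re-adds an identical `{` line, which indicates a whitespace-only change to that brace; please confirm the indentation matches the surrounding entries and drop the change if it is just noise.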