LogoLogo
  • Poggio Overview
  • Concepts
    • Poggio 101
    • The Poggio Enterprise Model
  • Journeys
    • Getting Started with Poggio
    • Workspace Tailoring
    • SSO Configuration Using SAML 2.0 for Enterprise Admins
    • Provision Users with SCIM
  • AI Products Q&A
  • Security FAQ
  • Slack App
  • ⚖️Legal
    • Terms of Service
    • Acceptable Use Policy
    • Privacy Policy
    • Data Processing Addendum
  • 🤖API
    • Robots
Powered by GitBook
On this page
  • Overview
  • Prerequisites
  • Step 1: Generate a SCIM API Key
  • Step 2: Configure the IdP
  • Okta
  • Step 3: Trigger a Sync
  1. Journeys

Provision Users with SCIM

This guide is designed to help enterprise administrators setup SCIM on their existing SSO config.

Last updated 10 months ago

You can provision and manage users on enterprise-enabled Poggio workspaces through System for Cross-domain Identity Management (SCIM) API standard.

Overview

Poggio supports the .

With SCIM, you can:

  • Automatically provision and de-provision users to your Poggio enterprise. (Users are always provisioned to the default workspace of the SAML config in use.)

  • Sync users’ names to Poggio.

Poggio supports provisioning users from your identity provider (IdP.)

Poggio does not support:

  • Group provisioning (Poggio currently does not have a concept of groups)

  • Importing users from Poggio

  • Password syncs

Prerequisites

  • You must have a .

  • Your IdP must support SAML 2.0.

Step 1: Generate a SCIM API Key

In the enterprise settings page, enterprise admins have the ability to generate a SCIM key.

This key grants access to the Poggio SCIM endpoints for that enterprise.

Step 2: Configure the IdP

Okta

  1. Under the “General” settings, Enable “Provisioning” for the Poggio Okta app:

  2. Under the “Provisioning” settings, enter the following information on the “Integrations” tab:

    • Unique identifier field for users: userName

    • Supported provisioning actions:

      • Check Push New Users

      • Check Push Profile Updates

    • Authentication Mode: HTTP Header

    • Authorization: <paste the SCIM key from the enterprise settings>

  3. Under the “Provisioning” settings, setup the following on the “To App” tab:

    • Create User: check Enable

    • Update User Attributes: check Enable

    • Deactivate Users: check Enable

Step 3: Trigger a Sync

Also found on the "To App" provisioning page is a Poggio Attribute Mappings section. You can trigger a sync to ensure that users’ names are propagated. Poggio supports two fields (all others are ignored):

  • userName: this represents the email of the user.

  • displayName: this is typically the users’ full name.

    • Poggio also supports name.formatted for the same information if displayName is not present.

SCIM connector base URL:

SCIM 2.0 standard
Poggio enterprise
You have the Poggio already configured for SAML 2.0 on your IdP.
https://api.poggio.io/scim/v2/
Okta General Settings
Okta Provisioning Settings, Integration
Okta Provisioning Settings, To App
Okta General Settings
Okta Provisioning Settings