Provision Users with SCIM

You can provision and manage users on enterprise-enabled Poggio workspaces through System for Cross-domain Identity Management (SCIM) API standard.

Overview

Poggio supports the .

With SCIM, you can:

• Automatically provision and de-provision users to your Poggio enterprise. (Users are always provisioned to the default workspace of the SAML config in use.)

• Sync users’ names to Poggio.

Poggio supports provisioning users from your identity provider (IdP.)

Poggio does not support:

• Group provisioning (Poggio currently does not have a concept of groups)

• Importing users from Poggio

• Password syncs

Prerequisites

• You must have a .

• Your IdP must support SAML 2.0.

Step 1: Generate a SCIM API Key

In the enterprise settings page, enterprise admins have the ability to generate a SCIM key.

This key grants access to the Poggio SCIM endpoints for that enterprise.

Step 2: Configure the IdP

Okta

1. Under the “General” settings, Enable “Provisioning” for the Poggio Okta app:

2. Under the “Provisioning” settings, enter the following information on the “Integrations” tab:

   • Unique identifier field for users: userName

   • Supported provisioning actions:

     • Check Push New Users

     • Check Push Profile Updates

   • Authentication Mode: HTTP Header

   • Authorization: <paste the SCIM key from the enterprise settings>

3. Under the “Provisioning” settings, setup the following on the “To App” tab:

   • Create User: check Enable

   • Update User Attributes: check Enable

   • Deactivate Users: check Enable

Step 3: Trigger a Sync

Also found on the "To App" provisioning page is a Poggio Attribute Mappings section. You can trigger a sync to ensure that users’ names are propagated. Poggio supports two fields (all others are ignored):

• userName: this represents the email of the user.

• displayName: this is typically the users’ full name.

  • Poggio also supports name.formatted for the same information if displayName is not present.