Provision Users with SCIM
Automate user provisioning with SCIM 2.0
You can provision and manage users on enterprise-enabled Poggio workspaces through System for Cross-domain Identity Management (SCIM) API standard.
Feature Support
Poggio supports the SCIM 2.0 standard and the following operations:
User provisioning and management
- Create and remove members in your workspace.
- Automatically provision and de-provision users to your Poggio enterprise. (Users are always provisioned to the default workspace of the SAML config in use.)
- Sync users' names to Poggio.
When creating users, ensure the "Application username format" is set to email.
Not Supported
- Group provisioning (Poggio currently does not have a concept of groups)
- Importing users from Poggio
- Password syncs
Prerequisites
- You must have a Poggio enterprise.
- Your IdP must support SAML 2.0.
- You have already configured SAML 2.0 on your IdP.
Step 1: Generate a SCIM API Key
In the enterprise settings page, enterprise admins have the ability to generate a SCIM key. You can access this page via Settings -> SSO (under the Enterprise section).
Hit the Create key button to generate the API key.
This key grants access to the Poggio SCIM endpoints for that enterprise.
Step 2: Configure the IdP
Okta
- In the
Sign-on Optionsview, selectEmailfor theApplication usernameformat on theSign On applicationtab. - Under the
Provisioningtab, selectConfigure API integration, and click on theEnable API integrationcheckbox. - Enter the SCIM API token you copied in Step 1 into the
API Tokentext box, and selectSave. - Click
Editnext toProvisioning to App, and enable your preferred features, then clickSave.
Attributes
Poggio supports the following attribute mappings:
User
email: this represents the email of the user.emailType: this is always "work".userName: this also represents the email of the user.displayName: this is typically the users' full name.- Poggio also supports
name.formattedfor the same information ifdisplayNameis not present.
- Poggio also supports
Known Issues
Poggio does not currently track names in piecemeal (e.g first and last names). Within Poggio givenName and familyName are always tracked together under displayName.