Skip to content

Provisioning Docs #2102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
NoyaOffer merged 1 commit into from
Feb 4, 2026
Merged

Provisioning Docs #2102

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 15 additions & 6 deletions docs/cloud/integrations/security-and-connectivity/ms-entra.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,11 +63,20 @@ In order to enable SAML using Microsoft Entra ID (Previously Azure AD SSO), we n
## Provisioning

Elementary supports user provisioning via SCIM to automate user management. If you want to enable automatic provisioning, follow these steps:
- In the **Microsoft Entra portal**, go to **Enterprise Applications** and select the newly created SAML application.
- Navigate to **Provisioning** and click **Get Started**.
- Set the **Provisioning Mode** to **Automatic**.
- Configure the **Tenant URL** and **Secret Token** (email the Elementary team for a 1password vault with the configuration).
- Click **Test Connection** to validate the setup.
- Enable provisioning and save changes.
<Accordion title="Configure Provisioning in Elementary">
- Go to your account settings page in Elementary (Your avatar in the top right corner -> Account -> Settings)
- In the Provisioning section, click on "Configure"
- Choose "Azure AD", and click "Create" to create a new URL and token for provisioning
- DO NOT close this dialog until you have configured SCIM in Azure AD
</Accordion>

<Accordion title="Configure SCIM in Azure AD">
- In the **Microsoft Entra portal**, go to **Enterprise Applications** and select the newly created SAML application.
- Navigate to **Provisioning** and click **Get Started**.
- Set the **Provisioning Mode** to **Automatic**.
- Configure the **Tenant URL** and **Secret Token** - _value from Elementary Provisioning section_
- Click **Test Connection** to validate the setup.
- Enable provisioning and save changes.
</Accordion>

This setup ensures that users are automatically created, updated, and deactivated in Elementary based on their status in Microsoft Entra ID. You can always reach out if you need any help.
62 changes: 35 additions & 27 deletions docs/cloud/integrations/security-and-connectivity/okta.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,33 +89,41 @@ Please follow the steps below to configure an SSO connection in Elementary.

Please follow the steps below to configure SCIM provisioning within Elementary:

- First, you should receive a 1Password link from the Elementary team - this contain the SCIM endpoint and access token that should be configured in Okta.
- Under the **Elementary Data** app, go to the **General** tab, and click **Edit**. Then modify the **Provisioning** setting to **SCIM** and click **Save**.
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030738/okta7_qukvm9.png" />
A new Provisioning tab should appear, click it and then click Edit.
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030738/okta8_hg0vhe.png" />
- Please fill the following details:
- **SCIM connector base URL** - _value from 1password link above_
- **Unique identifier field for users** - email
- **Supported provisioning actions** - mark all the “Push” settings (New users, Profile updates and Groups).
- **Authentication Mode -** HTTP Header
- **Authorization** - _access token from 1password link above_

When you are done, click on **Test Connector Configuration**
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030737/okta9_nooz3a.png" />
Ensure that all the marked provisioning actions were successful:
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030738/okta10_ouhvea.png" />
- Click **Save** to update the provisioning configuration.
- Click the **To App** section on the left and click **Edit**:
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030737/okta11_xgcyvi.png" />
- Please enable the settings:
- Create Users
- Update User Attributes
- Deactivate Users

And click **Save.**

<Info>If you already created an “Elementary Users” group under the Assignments tab in the previous section, you may want to remove and re-add it to ensure all the users there are created successfully in Elementary. </Info>
<Accordion title="Configure Provisioning in Elementary">
- Go to your account settings page in Elementary (Your avatar in the top right corner -> Account -> Settings)
- In the Provisioning section, click on "Configure"
- Choose "Okta", and click "Create" to create a new URL and token for provisioning
- DO NOT close this dialog until you have configured SCIM in Okta
</Accordion>

<Accordion title="Configure SCIM in Okta">
- Under the **Elementary Data** app, go to the **General** tab, and click **Edit**. Then modify the **Provisioning** setting to **SCIM** and click **Save**.
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030738/okta7_qukvm9.png" />
A new Provisioning tab should appear, click it and then click Edit.
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030738/okta8_hg0vhe.png" />
- Please fill the following details:
- **SCIM connector base URL** - _value from Elementary Provisioning section_
- **Unique identifier field for users** - email
- **Supported provisioning actions** - mark all the “Push” settings (New users, Profile updates and Groups).
- **Authentication Mode -** HTTP Header
- **Authorization** - _access token from Elementary Provisioning section_

When you are done, click on **Test Connector Configuration**
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030737/okta9_nooz3a.png" />
Ensure that all the marked provisioning actions were successful:
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030738/okta10_ouhvea.png" />
- Click **Save** to update the provisioning configuration.
- Click the **To App** section on the left and click **Edit**:
<img src="https://res.cloudinary.com/do5hrgokq/image/upload/v1749030737/okta11_xgcyvi.png" />
- Please enable the settings:
- Create Users
- Update User Attributes
- Deactivate Users

And click **Save.**

<Info>If you already created an “Elementary Users” group under the Assignments tab in the previous section, you may want to remove and re-add it to ensure all the users there are created successfully in Elementary. </Info>
</Accordion>

## **Pushing groups to Elementary**

Expand Down
Loading