This article describes how to setup System for Cross-domain Identity Management (SCIM) with your Identity Provider (IdP) for automated user provisioning and management in Krisp Enterprise accounts.
- Platform: Windows, Mac
- Krisp account plan: Enterprise
- Krisp Team Admin privileges
- SCIM option enabled for your team (contact your account manager)
- IdP account admin privileges
Along with the Krisp SSO set up on your team, SCIM will let you:
- Automatically assign users to unassigned seats in your Krisp team.
- Automatically unassign the users from the seats in your Krisp team.
Note: You cannot assign more users through SCIM than the number of unassigned seats in your Krisp team.
Hint: SCIM is a standard protocol, so you can configure it with any IdP whenever the option is available. We will go through the steps on the Okta example.
- Make sure that you have Okta SSO configured with your Krisp team. Check this article for that.
- Go to your Krisp team dashboard >>> Settings >>> SCIM Configure.
Turn on the Enable SCIM toggle.
- Go to your Okta dashboard >>> the General settings of the Krisp SSO integration app >>> click Edit.
- Select SCIM as Provisioning option and click Save.
- A new Provisioning tab will be added to the navigation panel. Go to that tab and click Edit.
- Start filling in the fields:
- SCIM connector base URL: copy the "SCIM Endpoint" from Krisp SCIM settings to this field
- Unique identifier field for users: email
- Supported provisioning actions: "Import New Users and Profile Updates"; "Push New Users"; "Push Profile Updates"
- Authentication Mode: HTTP header
- Authorization: copy the "SCIM Token" from Krisp SCIM settings to this field
Test the connector configuration to make sure that everything is set up correctly and click Save.
- After saving, a To App section will appear in the Provisionning settings. To that section. Click Edit.
- Enable the following options:
- Create Users
- Update User Attributes
- Deactivate Users
After these configurations, you can assign users in the Okta dashboard and they will automatically be assigned to available seats in your Krisp team.
Note: The users won't need to additionally accept invitations.
The only thing they will need to is to
- Install the Krisp app on their device
- Sign in with SSO by authenticating in the IdP
If you remove an assigned user from your IdP account, or from the specific application, the user will be unassigned from the Krisp team as well.
Note: You cannot assign or unassign users to your Krisp team from the team dashboard whenever SCIM is enabled.