Use this guidance to automatically provision SecurityScorecard users in your organization with the System for Cross-domain Identity Management (SCIM) standard.
This is especially helpful if you have many people in your organization who need to use SecurityScorecard.
Configure SCIM for your SecurityScorecard account
After you complete these steps, you will not have to create or delete separate SecurityScorecard accounts for single sign-on (SSO) users in your organization. SecurityScorecard accounts will automatically be provisioned for these users.
Connect SecurityScorecard to your SCIM application
Note: Make sure that the person who creates the API token in this step has permissions to create and update users and teams in the SecurityScorecard platform.
- Create an API token in SecurityScorecard.
- In your SCIM management application, enter the following information:
  - For Base URL, enter the following endpoint: https://platform-api.securityscorecard.io/scim/v2/
  - Enter the API token you created in SecurityScorecard.
Configure SCIM roles
- In your identity provider (IdP) application, such as Okta Identity or Microsoft Azure AD, create an attribute and name it sscRoles.
- Select one of the following role values. The selected role will be assigned to your provisioned users:
  - Guest
  - Read Only
  - User
  - Customer Admin
- Set the data type to Array[string] if applicable.
- Set the external namespace to urn:ietf:params:scim:schemas:core:2.0:User
Note: Every provisioned user is automatically assigned the role you select in the configuration, but you can manually change any user's role. Learn how to manage users and roles.
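
The following Python is an added example, not SecurityScorecard or IdP code: it checks a role mapping against the settings above and builds the SCIM User resource that results, with sscRoles at the top level because its namespace is the core User schema. The mapping dict layout, the sample user name and the one-role check (taken from the "select one" step) are assumptions made for illustration.

```python
import json

# Values taken from the steps above.
CORE_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ALLOWED_ROLES = ("Guest", "Read Only", "User", "Customer Admin")


def check_role_mapping(mapping):
    """Return a list of problems with an IdP attribute mapping; empty means OK."""
    problems = []
    if mapping.get("name") != "sscRoles":
        problems.append("attribute name must be sscRoles")
    if mapping.get("namespace") != CORE_USER_SCHEMA:
        problems.append("external namespace must be " + CORE_USER_SCHEMA)
    value = mapping.get("value")
    # Array[string]: a bare string such as "User" is a common mapping mistake.
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        problems.append("value must be an array of strings")
        return problems
    if len(value) != 1:
        problems.append("select one role, found %d" % len(value))
    for role in value:
        if role not in ALLOWED_ROLES:
            problems.append("unknown role %r" % role)
    return problems


def build_user(user_name, mapping):
    """Build the SCIM User resource that carries the mapped role."""
    problems = check_role_mapping(mapping)
    if problems:
        raise ValueError("; ".join(problems))
    # The namespace is the core User schema, so sscRoles sits at the top level
    # of the resource instead of inside an extension-schema object.
    return {
        "schemas": [CORE_USER_SCHEMA],
        "userName": user_name,
        "active": True,
        mapping["name"]: list(mapping["value"]),
    }


# Constructed sample mappings (hypothetical dict layout, not an IdP export format).
GOOD = {"name": "sscRoles", "namespace": CORE_USER_SCHEMA, "value": ["Read Only"]}
BAD = {"name": "sscRoles", "namespace": CORE_USER_SCHEMA, "value": "read only"}

if __name__ == "__main__":
    print(json.dumps(build_user("jdoe@example.com", GOOD), indent=2))
    print(check_role_mapping(BAD))
```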