In this article, you will learn how to configure System for Cross-domain Identity Management (SCIM) provisioning on your Productboard workspace.
SCIM provisioning allows you to manage all your accounts in one central location – your identity provider, from creation until deactivation.
In this article:
Supported identity providers
If Microsoft Entra ID is your identity provider, please follow the Setting up SCIM provisioning with Microsoft Entra ID article.
If Okta is your identity provider, please follow the Setting up SCIM provisioning with OKTA article.
If your identity provider is different or it’s a custom one, please follow the instructions in the article below.
Prerequisites
To get started, you’ll need the following items:
- A Productboard single sign-on (SAML SSO) is configured and working (available on the Enterprise plan). For more information, see the article Enforce SAML single sign-on.
Setting up SCIM provisioning
Once SAML SSO is set up on your account, follow the below steps:
- Go to https://<your_workspace>.productboard.com/, then to Settings under the Workspace menu and Toggle on SCIM provisioning. If you want to also use Group provisioning, enable Manage teams with SCIM.
- Enable SCIM provisioning in your identity provider for Productboard application. The base URL for our SCIM API is https://api.productboard.com/scim/v2. We only support Users (members in Productboard) read, create and update. We don’t support deletion, but you can deactivate members by setting "active": false. You can also store an ID from your identity provider as an externalId. You can find more details about our SCIM API and all supported attributes here. If you need to get an idea of how to handle roles in your identity provider check out how it’s done in Okta.
Enable SCIM provisioning in your identity provider for Productboard application. The base URL for our SCIM API is https://api.productboard.com/scim/v2. We support Users (members in Productboard) read, create and update. We don’t support deletion, but you can deactivate members by setting "active": false. For users, you can also store an ID from your identity provider as an externalId. We also support Groups (teams in Productboard) read, create, update and delete. You can find more details about our SCIM API and all supported attributes here. If you want to understand how to handle roles in your identity provider, check out how it's done in Okta. - For authentication, you can choose between generating an Access token and using OAuth2.
For OAuth2, see the article How to integrate with Productboard via OAuth2 - developer documentation
For Access token go to https://<your_workspace>.productboard.com/ , then to Integrations under Profile menu. Find the Public API section and generate and copy the Access token. Paste the token to the Authorization field in Okta.
Comments
Article is closed for comments.