In this article, you will learn how to configure System for Cross-domain Identity Management (SCIM) provisioning on your Productboard workspace.
SCIM provisioning allows you to manage all your accounts in one central location – your identity provider, from creation until deactivation.
In this article:
Supported identity providers
If Azure AD is your identity provider, please follow the Setting up SCIM provisioning with Azure AD article.
If Okta is your identity provider, please follow the Setting up SCIM provisioning with OKTA article.
If your identity provider is different or it’s a custom one, please follow the instructions in the article below.
To get started, you’ll need the following items:
- A Productboard single sign-on (SAML SSO) is configured and working (available on the Enterprise plan). For more information, see the article Enforce SAML single sign-on.
Setting up SCIM provisioning
Once SAML SSO is set up on your account, follow the below steps:
- Go to https://<your_workspace>.productboard.com/ , then to Settings under the Workspace menu and Toggle on SCIM provisioning.
- Enable SCIM provisioning in your identity provider for Productboard application. The base URL for our SCIM API is https://api.productboard.com/scim/v2. We only support Users (members in Productboard) read, create and update. We don’t support deletion, but you can deactivate members by setting "active": false. You can also store an ID from your identity provider as an externalId. You can find more details about our SCIM API and all supported attributes here. If you need to get an idea of how to handle roles in your identity provider check out how it’s done in Okta.
- For authentication, you can choose between generating an Access token and using OAuth2.
For OAuth2, see the article How to integrate with Productboard via OAuth2 - developer documentation
For Access token go to https://<your_workspace>.productboard.com/ , then to Integrations under Profile menu. Find the Public API section and generate and copy the Access token. Paste the token to the Authorization field in Okta.