User and Team Provisioning

If you are using an identity provider you might want to automatically synchronize your users and teams directly into Catalog. To do so, we expose an SCIM API allowing identity providers to handle users’ statuses and their team assignations.

This SCIM API allows to add, update and deactivate synchronized users and teams.

Here are walkthroughs to set this up for Microsoft Entra ID (ex AzureAD) and OKTA.

Role Assignment Based on Team Membership

Once the set up is configured, an automated script in Catalog will assign roles to users based on their team membership. To enable this functionality, you'll need to provide a role mapping that links teams to specific roles.

Handling Multiple Team Memberships:

If a user belongs to multiple teams, the system will automatically assign the role associated with the team that has the highest level of access.

Role Mapping Example:

You’ll provide a mapping that specifies which roles correspond to each team.

{
  "VIEWER": ["dev"],
  "CONTRIBUTOR": ["marketing", "sales"],
  "ADMIN": ["founders"]
}

PreviousAzure AD via SAML NextSCIM setup for Microsoft Entra ID

Last updated 3 months ago

Was this helpful?