Set up SCIM for automatic user provisioning

Sync user permissions with your identity provider

Written by Support Team
Updated over a week ago

Content

  • Identity providers we support

  • How SCIM works at Ledgy

  • Getting started

  • Okta guide


Ledgy’s System for Cross-domain Identity Management (SCIM) feature allows user info to be synced with your identity provider (IdP). This enables auto-provisioning of users which can be useful for onboarding and offboarding flows. SSO is a prerequisite.

Note: SCIM is only available to customers on the Enterprise plan.


Identity providers we support

Ledgy’s SCIM integration is only compatible with Okta at this time. If you have any issues or requests, please reach out to [email protected].


How SCIM works at Ledgy

Once configured and enabled, SCIM syncs user profile info with your identity provider and can help automate onboarding and offboarding flows:

  • User name, email, and address will be updated based on values in your IdP.

  • When a user is granted access to Ledgy in your IdP, we’ll automatically create an account on Ledgy. However, the user will not have access to their equity stake until you proactively invite them. Until then, their account will be empty.

  • When a user’s access is revoked in your IdP, we’ll automatically remove access to their equity stake on Ledgy. If you want them to continue to have access to their equity stake, you need to re-invite them using a personal email. As long as the email doesn’t match your corporate email domain, they’ll be able to log in with their email and password.


Getting started

To use SCIM, you first need to configure and enable SSO.

Once you have SSO set up, in Company Settings you need to generate a bearer token and add it to the application in your identity provider. You can then turn on SCIM.
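The lifecycle in "How SCIM works at Ledgy" and the bearer token from "Getting started", modeled as an added example (not Ledgy's or Okta's code). It assumes standard SCIM 2.0 message shapes (RFC 7643/7644); `ToyScimEndpoint`, its paths, the token value and the `equity_access` flag are hypothetical names used for illustration.

```python
import hmac

BEARER_TOKEN = "constructed-example-token"  # constructed; real one comes from Company Settings
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ToyScimEndpoint:
    """In-memory model of the receiving side (hypothetical, not Ledgy's code)."""

    def __init__(self, token):
        self._expected = f"Bearer {token}".encode()
        self.users = {}  # keyed by userName for brevity; real SCIM ids are server-assigned

    def handle(self, method, path, headers, body):
        # Every SCIM call must carry the bearer token; compare in constant time.
        if not hmac.compare_digest(headers.get("Authorization", "").encode(), self._expected):
            return 401
        if method == "POST" and path == "/Users":
            if body["userName"] in self.users:
                return 409
            # Provisioned account starts empty: no equity access until invited.
            self.users[body["userName"]] = {"active": True, "equity_access": False}
            return 201
        if method == "PATCH" and path.startswith("/Users/"):
            user = self.users.get(path[len("/Users/"):])
            if user is None:
                return 404
            for op in body.get("Operations", []):
                value = op.get("value")
                if isinstance(value, dict) and value.get("active") is False:
                    # Access revoked in the IdP: access to the stake is removed.
                    user.update(active=False, equity_access=False)
            return 200
        return 404

    def invite(self, user_name):
        # Admin action outside SCIM: the explicit invite grants equity access.
        self.users[user_name]["equity_access"] = True

def create_user_request(email, given, family):
    return {"schemas": [USER_SCHEMA], "userName": email,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"value": email, "primary": True}]}

def deactivate_request():
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "value": {"active": False}}]}
```

Because the token alone authorizes creating and deactivating accounts, store it only in the IdP's provisioning settings and treat it like any other long-lived credential.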


Okta guide

Before setting up SCIM, either a SAML or OIDC application needs to be set up from within the Okta admin panel. If you’ve configured SSO, you’ll already have this.

  1. From the provisioning menu in your application, select Enable SCIM provisioning:

  2. Go to the Provisioning tab and click Edit:

  3. Enter the following configuration details, replacing orgSlug with your organizational slug and entering the bearer token generated in Ledgy’s Company Settings under HTTP Header:

  4. Test your connection.

  5. Select the To App tab on the left and configure the settings below, ensuring your mappings are correct for the user’s name, email and address:
