Content
Identity providers we support
How SCIM works at Ledgy
Getting started
Okta guide
Ledgy’s System for Cross-domain Identity Management (SCIM) feature allows user info to be synced with your identity provider (IdP). This enables auto-provisioning of users which can be useful for onboarding and offboarding flows. SSO is a prerequisite.
Note: SCIM is only available to customers on the Enterprise plan.
Identity providers we support
Ledgy’s SCIM integration is only compatible with Okta at this time. If you have any issues or requests please reach out to [email protected]
How SCIM works at Ledgy
Once configured and enabled, SCIM syncs user profile info with your identity provider and can help automate onboarding and offboarding flows:
User name, email, and address will be updated based on values in your IdP.
When a user is granted access to Ledgy in your IdP, we’ll automatically create an account on Ledgy. However, the user will not have access to their equity stake until you proactively invite them. Until then, their account will be empty.
When a user’s access is revoked in your IdP, we’ll automatically remove access to their equity stake on Ledgy. If you want them to continue to have access to their equity stake, you need to re-invite them using a personal email. As long as the email doesn’t match your corporate email domain, they’ll be able to log in with their email and password.
Getting started
To use SCIM, you first need to configure and enable SSO.
Once you have SSO set up, in Company Settings you need to generate a bearer token and add it to the application in your identity provider. You can then turn on SCIM.
Okta guide
Before setting up SCIM, either a SAML or OIDC application needs to be setup from within the Okta admin panel. If you’ve configured SSO you’ll already have this.
From the provisioning menu in your application, select Enable SCIM provisioning:
Go to the Provisioning tab and click Edit:
Enter the following configuration details, replacing
orgSlug
with your organizational slug and entering the bearer token generated in Ledgy’s Company Settings under HTTP Header:Test your connection.
Select the To App tab on the left and configure the settings below, ensuring your mappings are correct for the user’s name, email and address: