SSO and User Provisioning Overview

Centralize your company security and automate account management by integrating Single Sign-On (SSO) and SCIM provisioning. This article provides a high-level overview of how these features transform your administrative workflow.

Management Shift: Once SSO and SCIM provisioning are active, you can no longer invite and manage Users through the Contractbook company settings. All user management and provisioning must be handled through your Identity Provider instead:

General Setup Workflow

• Generate an API Key: Access your company settings to create a unique API key. This key authenticates the connection between Contractbook and your Identity Provider. 

• Configure your Identity Provider: Use the generated API key to set up Contractbook as an authorized application within Okta or Microsoft Entra.

• Enable SCIM Synchronization: Map your users and user groups within your provider to automate account creation and permission distribution.

• Verify User Emails: Confirm that the email addresses in your Identity Provider match the ones users will use for Contractbook.

Pro-tips for Admins

Email Consistency: Ensure email addresses in your IdP exactly match existing Contractbook accounts. A mismatch during synchronization may create duplicate accounts or prevent users from logging in.

Group Permissions: Use user groups in your IdP to manage permissions at scale. This ensures new hires automatically receive the correct access levels upon their first login.

Related Articles

• Generate API keys
  

• OKTA SSO and SCIM setup 

• Microsoft Entra SSO and SCIM setup 

• Email address change