Configure Your App with Identity Provider for SCIM User Provisioning

Introduction

This guide walks you through configuring an Identity Provider (IdP) to integrate with CredoAI's Governance App using SCIM (System for Cross-domain Identity Management) for automated user provisioning. The steps in this article use Okta as the example IdP.

Note: Our SCIM integration does not currently support creating local users. In order to use our SCIM integration, you will need to turn off local users in your tenant.

Enable SCIM for Your Tenant

Before starting, you need to ensure that SCIM is enabled for your CredoAI tenant.

  • Contact your CredoAI Customer Success Manager

  • Request that the SCIM entitlement be turned on for your tenant

Generate a SCIM Token in the Governance App

  • Log in to the CredoAI Governance App as an Admin

  • Navigate to the Settings tab

  • Select the Information page

  • Click Create Token

  • Copy the token and store it in a secure location—you won't be able to see it again

  • After copying, enable the token using the toggle

Configure SCIM in Okta

1. Create or Update the App

  • Go to your Okta Admin Dashboard

  • Either:

    • Create a new SSO application for CredoAI

    • Or select your existing CredoAI SSO app (if applicable)

  • Under the application settings, ensure the box for “Enable SCIM provisioning” is checked


2. Configure the Provisioning Settings

  • Go to the app’s Provisioning tab

  • Click Edit to begin configuration

Enter the following values:

  • SCIM Base URL:

    https://api.credo.ai/scim/v2/<your-tenant-name>

    Replace <your-tenant-name> with the actual name of your tenant.

    Note: The base URL will be different if your app is self-hosted. You will need to replace https://api.credo.ai with the appropriate value for your self-hosted environment as seen below

  • Unique Identifier Field for Users:

    userName

  • Authentication Mode:

    HTTP Header

  • Bearer Token:
    Paste the token you generated from the Governance App


Enable Supported Operations:

  • Check the boxes shown in the configuration image above

  • Click Test Connector Configuration to verify the configuration

  • Click Save

3. Finalize Provisioning Settings

  • Navigate to the To App section under provisioning

  • Check the necessary boxes to enable the appropriate provisioning operations

     

Add and Test a User

  • Go to the Assignments tab in your Okta app

  • Assign a test user to the app

  • Log back into the CredoAI Governance App

  • Verify that the user is now visible under the Users section


Troubleshooting

  • If the test fails or users don’t appear in the Governance App:

    • Double-check your SCIM base URL and token

    • Ensure your Okta app has proper permission scopes

    • Contact CredoAI support for assistance
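
One way to double-check the SCIM base URL and token outside Okta, as an added example (not CredoAI's or Okta's code). It assumes the endpoint follows standard SCIM 2.0 (RFC 7644) behaviour for a userName filter query and HTTP status codes; the function names and the SCIM_TOKEN environment variable are hypothetical.

```python
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

def check_base_url(base_url, allow_hosts=("api.credo.ai",)):
    """Return a list of problems with a SCIM base URL; an empty list means it looks sane."""
    problems = []
    u = urllib.parse.urlsplit(base_url)
    if u.scheme != "https":
        problems.append("not https: the bearer token would travel in cleartext")
    if "<" in base_url or ">" in base_url:
        problems.append("placeholder <your-tenant-name> was not replaced")
    parts = [p for p in u.path.split("/") if p]
    if parts[:2] != ["scim", "v2"] or len(parts) != 3:
        problems.append("path is not /scim/v2/<tenant>")
    if u.hostname not in allow_hosts:
        problems.append(f"unexpected host {u.hostname!r}; pass allow_hosts if self-hosted")
    return problems

def build_user_lookup(base_url, token, user_name):
    """Build (without sending) a SCIM 2.0 filter query for one userName, with bearer auth."""
    query = urllib.parse.urlencode({"filter": f'userName eq "{user_name}"'})
    req = urllib.request.Request(f"{base_url.rstrip('/')}/Users?{query}")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/scim+json")
    return req

def diagnose(status):
    # Assumption: the service returns standard RFC 7644 status codes.
    return {
        200: "ok: base URL and token accepted",
        401: "token rejected: re-copy it and confirm the token toggle is enabled",
        404: "endpoint not found: check the host and tenant name in the base URL",
    }.get(status, f"unexpected status {status}: contact support")

def run_check(base_url, user_name, allow_hosts=("api.credo.ai",)):
    problems = check_base_url(base_url, allow_hosts)
    if problems:
        return problems  # never send the token to a URL that failed validation
    token = os.environ["SCIM_TOKEN"]  # keep the token out of argv and shell history
    try:
        with urllib.request.urlopen(build_user_lookup(base_url, token, user_name), timeout=10) as r:
            return [diagnose(r.status)]
    except urllib.error.HTTPError as e:
        return [diagnose(e.code)]

if __name__ == "__main__":
    print(run_check(sys.argv[1], sys.argv[2]))
```

Run it with the base URL and the test user's userName as arguments; for a self-hosted environment, call run_check with your own host in allow_hosts.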