Set up Member (SCIM) provisioning

  • 24 August 2020
  • 0 replies
  • 3731 views

Userlevel 3
Badge

Member provisioning in Slido Admin implements the SCIM protocol and enables you to manage members in Team Management using your Identity Provider (IdP).

 

At the moment, we have verified member provisioning setups for OktaOneLoginMicrosoft Azure and Auth0 IdPs. However, it is entirely possible to use our implementation of the SCIM protocol with any other IdP that adheres to SCIM standards.

 

Available in our Enterprise and Institution plans. 



In this article:

 

Setting up Member provisioning in Slido

 

1. When Admin SAML SSO is enabled, the Enable SCIM-Based member provisioning checkbox becomes visible in the Provisioning section:

 

file.php?view=Y&file=t5mgbs4z4yht5f1p04kgu90d5ygaifp5.gif

 

Please review all existing Slido users under your account when enabling member provisioning. With this option enabled, you lose the ability to manage Slido users in Slido Admin directly through Team Management. This will now have to be done entirely through your Identity Provider.


2. To set up provisioning on Identity Provider side, you need the SCIM Base URL which you can easily copy to clipboard. Another required information is the Bearer token (Security token) which you can generate by clicking on the Generate Token button:

 

file.php?view=Y&file=6u1fvtn1v4jha2ydscunt2ve1oqxbxal.gif


3. The generated token is displayed next to the Generate token button. Once you generate token, please copy and paste it into your IdP set up just after generating.

 

The generated token is visible and can be copied only until the page is refreshed. Afterwards, you will only have the ability to deactivate it.

 

file.php?view=Y&file=j9crd8s5f3ll0wixc2k56l5cpbz9e3zr.gif


4. The list of information about generated tokens is available in the bottom part of Provisioning section which can be expanded by clicking the Show more button. You can deactivate a token by clicking on Deactivate if necessary:

 

file.php?view=Y&file=4wd060ef7ubnjepkpzg2b5179pn6ni52.gif


5. By default, user role provisioning is disabled - Enable SCIM-Based Role provisioning checkbox is unticked. That means users are provisioned from Identity Provider to Slido Admin, but their Slido user role is not managed in the Identity Provider itself. Because of that, a default user role (User) is assigned to them. This can be changed in the User Role dropdown:

 

file.php?view=Y&file=r9bq16wufba7odjfmq8sv8jkcwcbu92l.gif


6. If the user role provisioning is supported by your Identity Provider (via SCIM Group provisioning), you can toggle on Enable SCIM-Based Role provisioning.

 

Please make sure your IdP supports SCIM-based role provisioning. Doing so in unsupported IdP would prevent member provisioning to work properly.

 

file.php?view=Y&file=uz7t9p7ognjcbo3xyd1n0sk8lbcbl372.gif


Guest management with member provisioning enabled

 

Once member provisioning is enabled you can only invite people who are already members of your Slido organization to your Slido events as collaborators. This requires you to provision all new Guest users into your organization first through your SCIM service provider.

 

If you want to allow invitation of guests from outside of your organization to help manage your Slido events, you can use the option to exclude guests from member provisioning by ticking the Exclude guests checkbox.

 

This setup allows Guest to authenticate using other supported options (password, Google) when logging in to your account and enter the event.
 

file.php?view=Y&file=8f4qcu16bqxkso7s4rgav88yu5meb5gg.gif

 

This only enables Guest invitations directly through event settings. Inviting guests through account team management remains disabled.


Set up Member provisioning in selected Identity Providers

 

Below you can find manuals that we have prepared for various IdPs, so you can set up SAML SSO and provisioning for your Slido organization accordingly.

 

Set up Single-sign on and Provisioning for your organization in:


 

Curious about more?

 

 


0 replies

Be the first to reply!

Reply