System for Cross-domain Identity Management (SCIM) is an open standard supported by identity providers (IdPs) such as Okta, OneLogin, Microsoft Entra ID, Ping Identity, Saviynt, and others. SCIM allows you to securely manage access to your Ontra account through your identity provider, instead of manually provisioning and deprovisioning access through Ontra's UI.

To learn more about SCIM and how it can benefit your organization's efficiency and security posture, Okta's Understanding SCIM article is a good starting point.

Before you get started 

To enable SCIM, you must be an Ontra Admin. Once enabled, you will be able to:

• Create, manage and remove standard users
• Create, manage and remove user groups and group members

You cannot create Ontra Admins through SCIM. To grant a user an Admin role, you must assign that within Ontra. 

Setup and implementation 

Enable SCIM for your Ontra account

1. Log in to Ontra
2. In the left-hand navigation, under Admin, open the Integrations page
3. Locate the SCIM tile and click Connect
4. Follow the prompts to complete the authentication process
   1. Save the OAuth 2.0 Client ID and Client Secret presented to you. You will use these with your identity provider to authenticate to our SCIM API. These are only shown once. If you lose them, you will need to disable and re-enable the SCIM integration to generate new ones.

Configure your identity provider

After enabling SCIM for your Ontra account, you will need to configure your identity provider to talk to Ontra's SCIM API. Besides the client ID and secret that you generated in the previous step, you may also need to know:

• SCIM base URL: https://app.ontra.ai/scim/v2
• Authentication: OAuth 2.0 client credentials grant flow
• Access token endpoint: https://login.ontra.ai/oauth/token

You can then install Ontra's SCIM integration using your identity provider's instructions: