Automate User Access in Knowledge Base Using SCIM

Managing user access at scale becomes much easier with SCIM support in Document360. SCIM (System for Cross-Domain Identity Management) is an open standard that automates how user identity data is shared between your identity provider and Document360, helping organizations simplify provisioning, strengthen security, and keep user access synchronized.

In this tutorial, you’ll learn how to configure SCIM provisioning in Document360 using Okta, enable automatic user and group synchronization, and manage access through your identity provider.

Create an SSO Configuration

To get started:

• Open your Document360 project
• Navigate to Users and Permissions
• Select SSO Configuration
• Click Create New SSO Connection
• Select Okta as the identity provider
• Choose SAML as the authentication method

This establishes the foundation required for SCIM provisioning.

Configure SAML in Your Provider (Ex. Okta)

In Okta:

• Create a new application integration
• Select SAML as the sign-in method
• Enter an application name and optional logo
• Configure the SAML settings using values provided by Document360
• Add the Sign-On URL
• Add the Audience URI
• Set the Name ID format to Email Address
• Set the Application Username to Email

On the next screen, select the first option for the application type and complete the app creation process.

Complete SSO Setup in Document360

After creating the application in Okta:

• • Return to Document360
  • Add the Sign-On URL from Okta
  • Add the Issuer URL
  • Upload the X.509 certificate

This completes the SAML connection between Okta and Document360.

Enable SCIM Provisioning

To configure SCIM:

• Enable SCIM provisioning in Document360
• Accept the confirmation prompt
• Configure Group Sync settings
• Select default roles
• Assign user groups and reader groups

These settings determine how users and groups are provisioned when synchronized from Okta.

Configure SCIM in Okta

Next, configure provisioning settings in Okta.

• Open the application’s Provisioning tab
• Enable SCIM provisioning
• Add the SCIM Base URL from Document360
• Set the Unique Identifier to Username
• Enable provisioning actions for users and groups

For authentication:

• Select HTTP Header authentication
• Paste the primary secret token from Document360

Finalize the Configuration

To complete the setup:

• Return to Document360
• Provide a name for the SSO configuration
• Add a login prompt
• Click Create

Once completed, test the connection from Okta to verify successful communication.

Provision Users Automatically

After SCIM is enabled, user management can be performed directly from Okta.

• Assign users to the application in Okta
• Automatically provision users in Document360
• Synchronize user information without manual intervention

New users will automatically receive access based on your provisioning configuration.

Configure User and Reader Access

To determine whether a user is provisioned as a user or reader:

• Create a custom attribute in Okta
• Assign a true or false value

If the attribute is set to true, the account is provisioned as a user in Document360.

If the attribute is set to false or left undefined, the account is provisioned as a reader in Document360.

Provisioned accounts will appear under the appropriate Users and Groups or Readers and Groups sections.

Manage Roles and Groups

After SCIM is enabled:

• User profile information is managed through your identity provider
• Names and email addresses remain synchronized automatically
• Roles and group assignments can still be managed within Document360

You can further extend SCIM by configuring additional users, groups, and provisioning rules to match your organization’s requirements.

With SCIM configured, Document360 can automatically provision, update, and manage user access, reducing manual administration while improving security and scalability.