synced/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2025-03-25 14:05:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: added tip for SCIM

Browse Source
This commit is contained in:
Sheen Capadngan
2024-11-23 03:11:06 +08:00
parent 7c62a776fb
commit 63fac39fff
1 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/documentation/platform/scim/overview.mdx
View File

@ -3,11 +3,15 @@ title: "SCIM Overview"
description: "Learn how to provision users for Infisical via SCIM."
---
<Note>
SCIM provisioning can only be enabled when either SAML or OIDC is setup for
the organization.
</Note>
<Info>
SCIM provisioning is a paid feature.
If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
then you should contact sales@infisical.com to purchase an enterprise license to use it.
SCIM provisioning is a paid feature. If you're using Infisical Cloud, then it
is available under the **Enterprise Tier**. If you're self-hosting Infisical,
then you should contact sales@infisical.com to purchase an enterprise license
to use it.
</Info>
You can configure your organization in Infisical to have users and user groups be provisioned/deprovisioned using [SCIM](https://scim.cloud/#Implementations2) via providers like Okta, Azure, JumpCloud, etc.
@ -24,9 +28,14 @@ SCIM providers:
**FAQ**
<AccordionGroup>
<Accordion title="Why do SCIM-provisioned users have to finish setting up their account?">
Infisical's SCIM implementation accounts for retaining the end-to-end encrypted architecture of Infisical because we decouple the **authentication** and **decryption** steps in the platform.
For this reason, SCIM-provisioned users are initialized but must finish setting up their account when logging in the first time by creating a master encryption/decryption key. With this implementation, IdPs and SCIM providers cannot and will not have access to the decryption key needed to decrypt your secrets.
</Accordion>
</AccordionGroup>
<Accordion title="Why do SCIM-provisioned users have to finish setting up their account?">
Infisical's SCIM implementation accounts for retaining the end-to-end
encrypted architecture of Infisical because we decouple the
**authentication** and **decryption** steps in the platform. For this
reason, SCIM-provisioned users are initialized but must finish setting up
their account when logging in the first time by creating a master
encryption/decryption key. With this implementation, IdPs and SCIM providers
cannot and will not have access to the decryption key needed to decrypt your
secrets.
</Accordion>
</AccordionGroup>