SCIM 2.0 provisioning.

Let your IdP provision and deprovision Agent Audit users automatically. Create a tenant-scoped bearer token, paste it into your IdP, and users in your IdP show up in Agent Audit with the right role.

Your SCIM endpoints.

Paste these into your IdP. The Bearer token is created in the next step.

Base URL: https://www.agentaudit.co.uk/scim/v2
Discovery URL: https://www.agentaudit.co.uk/scim/v2/ServiceProviderConfig

Mint a SCIM credential.

  1. Sign in to /dashboard/ as an admin.
  2. Open Settings → Identity.
  3. In the SCIM block: pick a Label (e.g. Okta production) → Create credential.
  4. The token is shown once. Copy it now.

Treat the token like a password. Anyone with it can create, update or delete users in your Agent Audit tenant. Store it in your IdP's secret manager only.

Configure your IdP.

Okta

1. Enable provisioning on your Agent Audit Okta app

  1. If you already set up SSO via OIDC, go to that app. Otherwise create an Okta SCIM application: Applications → Browse App Catalog → SCIM 2.0 Test App (Header Auth) as a starting point, name it Agent Audit.
  2. On the app → Provisioning → Configure API Integration.
  3. Tick Enable API integration.
  4. SCIM Base URL: https://www.agentaudit.co.uk/scim/v2.
  5. API Token: paste the SCIM credential you minted above.
  6. Click Test API Credentials — Okta probes /Users?count=1; expect a 200.

2. Enable provisioning actions

  1. Provisioning → To App → Edit.
  2. Enable Create Users, Update User Attributes, Deactivate Users.
  3. Provisioning → Attribute mappings → leave the defaults (userName / email / displayName).

3. Assign people

Add the Okta groups whose members should appear in Agent Audit. Okta sends a POST /Users request for each member.

Microsoft Entra ID

1. Enable provisioning on your Enterprise app

  1. Entra admin centre → Enterprise applications → your Agent Audit app.
  2. If you don't have one yet, create one via New application → Create your own application → name Agent Audit.
  3. On the app → Provisioning → Get started → Automatic.

2. Admin credentials

  1. Tenant URL: https://www.agentaudit.co.uk/scim/v2.
  2. Secret Token: paste the SCIM credential.
  3. Click Test Connection — expect a green check.

3. Mappings

  1. Provisioning → Mappings → Provision Microsoft Entra ID Users.
  2. Leave the default mappings (userPrincipalName → userName, mail → emails[type eq "work"].value, displayName, active).
  3. Save.

4. Scope + Start

  1. Provisioning Status: On.
  2. Scope: pick assigned users / groups, then assign people on the Users and groups tab.

JumpCloud

1. Create a custom SCIM application

  1. JumpCloud admin → SSO Applications → Add Application → Custom SCIM.
  2. Name: Agent Audit.
  3. On the SCIM tab:
    • Base URL: https://www.agentaudit.co.uk/scim/v2
    • Token Key: paste the SCIM credential
    • Test User Email: any email you control
  4. Click Test Connection.

2. Attribute mappings

JumpCloud's defaults work — userName = email, active = true. No customisation needed for Agent Audit's basic role.

3. Assign user groups

On the application's User Groups tab, add the groups whose members should sync.

Test provisioning.

  1. Assign one user to your IdP's Agent Audit application.
  2. Wait 30-60s (Okta), 5-10 min (Azure AD default), or trigger a manual sync.
  3. In Agent Audit → Settings → Members, the user should appear with the default role.
  4. Deactivate the user in your IdP — within the next sync they should disappear from Members (we soft-deprovision by removing the membership; the user's audit trail stays).
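
One way to check step 4 from the API side, as an added example that is not Agent Audit's own tooling: compare the active users in a SCIM ListResponse with the IdP's assignment list and report anyone still provisioned after removal. It assumes GET /Users returns a standard RFC 7644 ListResponse; the sample response, the assignment set and the function names are constructed for illustration.

```python
import json

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample: a ListResponse as GET /scim/v2/Users might return it.
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_SCHEMA],
    "totalResults": 3,
    "Resources": [
        {"id": "u1", "userName": "alice@example.com", "active": True,
         "emails": [{"type": "work", "value": "alice@example.com"}]},
        {"id": "u2", "userName": "bob@example.com", "active": False},
        {"id": "u3", "userName": "Carol@Example.com", "active": True},
    ],
})

# Constructed sample: userNames currently assigned to the app in the IdP.
IDP_ASSIGNED = {"alice@example.com", "dave@example.com"}


def active_usernames(list_response_json):
    """Return the lower-cased userNames of users that are still active."""
    doc = json.loads(list_response_json)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    resources = doc.get("Resources", [])
    # A partial page would hide users, so refuse to compare on it.
    if doc.get("totalResults", len(resources)) > len(resources):
        raise ValueError("paginated response: fetch all pages before comparing")
    # userName is case-insensitive in SCIM (RFC 7643); a missing "active"
    # is treated as active so the user is reported rather than ignored.
    return {r["userName"].lower() for r in resources if r.get("active", True)}


def provisioning_drift(list_response_json, idp_assigned):
    """Compare what the service holds with what the IdP has assigned."""
    provisioned = active_usernames(list_response_json)
    assigned = {u.lower() for u in idp_assigned}
    return {
        "orphaned": sorted(provisioned - assigned),  # active, but not assigned
        "missing": sorted(assigned - provisioned),   # assigned, not yet synced
    }


if __name__ == "__main__":
    print(provisioning_drift(SAMPLE_LIST_RESPONSE, IDP_ASSIGNED))
```

An entry under `orphaned` that persists after a full sync interval means deprovisioning did not take effect for that user.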

Role mapping.

Agent Audit roles: owner, admin, member, viewer. The default for newly-provisioned users is member.

To map IdP groups or attributes to specific Agent Audit roles, set a custom attribute mapping in your IdP:

Anyone the IdP marks as admin will be able to create / revoke SCIM credentials themselves — be deliberate about which groups you grant.

Troubleshooting.