PlanDocket
Deutsch English

SSO Settings

Configure SAML 2.0 Single Sign-On and SCIM user provisioning.

SSO settings enable integration with enterprise identity providers via SAML 2.0. Administrators can sign in through your organization's central identity provider. Additionally, SCIM 2.0 can be enabled for automatic user management.

Manage SSO Providers

Create and manage SAML 2.0 identity providers:

  • Create Provider - Configure a new SSO provider with name, entity ID, SSO URL, and certificate
  • Edit Provider - Update existing provider configuration
  • Enable/Disable Provider - Toggle individual providers on or off
  • Multiple Providers - Configure multiple identity providers for different user groups

Service Provider Metadata

Automatically generated endpoints for your identity provider:

  • Metadata URL - SP metadata URL for import into your identity provider
  • ACS URL - Assertion Consumer Service URL for SAML responses
  • Logout URL - Single Logout URL for federated sign-out

SCIM Provisioning

Automatic user management via SCIM 2.0:

  • Enable SCIM - Activate SCIM provisioning per provider
  • SCIM Endpoint - Automatically generated SCIM API URL for your identity provider
  • Bearer Token - Authentication token for SCIM API calls
  • User Provisioning - Admin accounts are automatically created when users are assigned in the IdP
  • User Deprovisioning - Admin accounts are deactivated when users are removed from the IdP
  • Group Mapping - Map IdP groups to PlanDocket roles

SSO Login

How SSO login works:

  • Login Page - SSO buttons automatically appear on the admin login page when providers are configured
  • Auto-Provisioning - New admin accounts can be automatically created on first SSO login
  • Attribute Mapping - SAML attributes are mapped to admin profile fields (name, email)

Setup Notes

  • Suggestions - The system shows contextual suggestions (no provider configured, inactive providers, missing SCIM configuration)
  • Supported IdPs - Any SAML 2.0-compatible identity provider (Azure AD, Okta, Google Workspace, OneLogin, etc.)

Tips

  • Test SSO login with a test admin account first
  • Configure SCIM after SSO to enable automatic user management
  • Keep SCIM bearer tokens secure - they grant write access to admin accounts
  • Use the SP metadata URL for easy IdP configuration instead of manual entry

Notes

  • SSO requires the SSO feature flag to be enabled in feature settings
  • Requires the settings.view (view) and settings.edit (edit) permissions
  • SSO does not replace local login - both methods can be used in parallel
Email Queue Cookie Consents
API Version v1.0
Esc to close