npm - @workos/mcp-docs-server - Versions diffs - 0.1.0 → 0.2.0 - Mend

@workos/mcp-docs-server 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (568) hide show

package/.docs/organized/docs/integrations/net-iq-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: NetIQ
-description: "Learn how to configure a connection to\_NetIQ via SAML."
+description: Learn how to configure a connection to NetIQ via SAML.
 icon: net-iq
 breadcrumb:
   title: Integrations
@@ -72,4 +72,4 @@ At minimum, the Attribute Statement in the SAML Response should include `id`, `e
 With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups` to return this information in the attribute statement.
-Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.

package/.docs/organized/docs/integrations/next-auth.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: NextAuth.js
-description: "Create a Next.js application with WorkOS\_SSO and NextAuth.js."
+description: Create a Next.js application with WorkOS SSO and NextAuth.js.
 icon: next-auth
 breadcrumb:
   title: Integrations

package/.docs/organized/docs/integrations/oidc.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: OpenID Connect
-description: Learn how to configure a new generic OIDC connection.
+description: Learn how to configure a new generic OIDC connection
 breadcrumb:
   title: Integrations
   url: /integrations
@@ -9,56 +9,69 @@ originalPath: .tmp-workos-clone/packages/docs/content/integrations/oidc.mdx
 ## Introduction
-Each SSO Identity Provider requires specific information to create and configure a new [connection](/glossary/connection). Often, the information required to create a connection will differ by Identity Provider.
-To create an OpenID Connect (OIDC) connection, you’ll need four pieces of information: a [Redirect URI](/glossary/redirect-uri), a [Client ID](/glossary/client-id), a [Client Secret](/glossary/client-secret), and a [Discovery Endpoint](/glossary/discovery-endpoint).
+To set up an OpenID Connect (OIDC) connection on behalf of an organization, you'll need the client credentials and the discovery endpoint of their OIDC provider from the organization's IT team.
 ---
 ## What WorkOS provides
-WorkOS provides the Redirect URI. It’s readily available in your connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/). The Redirect URI is the location an Identity Provider redirects its authentication response to.
+When setting up an OIDC connection, WorkOS provides one key piece of information in the **Service Provider Details** section for an SSO connection within the [WorkOS Dashboard](https://dashboard.workos.com/):
+- [Redirect URI](/glossary/redirect-uri): The endpoint where identity providers send authentication responses after successful login
+![The Redirect URI of a OIDC connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/99a7c7d5-50a9-4bff-a3f3-22dc1cfeca58.png?auto=format&fit=clip&q=50)
-![A screenshot showing the Redirect URI of a OIDC connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/8ad61f1a-b7af-452d-85fd-18455d545b23.png?auto=format&fit=clip&q=50)
+The **Redirect URI** serves as the destination for authentication responses and must be configured in the organization's identity provider admin dashboard.
 ---
-## What you’ll need
+## What you will need
-In order to integrate you’ll need the Client ID, Client Secret, as well as the Discovery Endpoint.
+You will need to obtain three pieces of information from the organization:
-Normally, this information will come from the organization's IT Management team when they set up your application’s OpenID Connect configuration in their Identity Provider admin dashboard. But, should that not be the case during your setup, here’s how to obtain them.
+- [Client ID](/glossary/client-id): Application identifier from the OIDC provider
+- [Client Secret](/glossary/client-secret): Authentication secret for the application
+- [Discovery Endpoint](/glossary/discovery-endpoint): Configuration URL containing OIDC metadata
+Typically, the organization's IT team will provide these values when they configure your application in their identity provider admin dashboard. However, if you need to guide them through the process, the following sections will help.
 ---
-## (1) Create an Application with your IdP
+## (1) Create an application with the identity provider
-For SSO to properly function with your Identity Provider, you’ll need to create and configure your OpenID Connect application to support the authorization code grant type and have the redirect URI from WorkOS listed as your login redirect URI.
+For SSO to properly function, the organization needs to create and configure an OpenID Connect application in their identity provider that supports the authorization code grant type.
----
+Copy the **Redirect URI** from the WorkOS Dashboard connection settings.
-## (2) Add claims to the ID token
+Instruct the organization admin to paste this value as the login redirect URI in their OIDC application configuration. This ensures authentication responses are sent to the correct WorkOS endpoint.
-Add the `sub`, `email`, `given_name`, and `family_name` claims to the user ID token in your OIDC provider settings. These claims map to the `idp_id`, `email`, `first_name`, and `last_name` attributes in the user profile returned by WorkOS. If the `given_name` claim is not available, the `name` claim will be mapped to the `first_name` attribute instead. For many providers, these claims are included by default, but for other providers you will need to add these claims.
+---
-### Role Assignment (optional)
+## (2) Configure ID token claims
-With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, add the `groups` claim to the user ID token in your OIDC provider settings. This claim should map to a user’s group membership.
+The organization's OIDC provider needs to include specific claims in the user ID token. Instruct them to add the following claims to their OIDC provider settings:
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+- `sub`: Maps to the `idp_id` attribute in WorkOS user profiles
+- `email`: Maps to the `email` attribute in WorkOS user profiles
+- `given_name`: Maps to the `first_name` attribute in WorkOS user profiles
+- `family_name`: Maps to the `last_name` attribute in WorkOS user profiles
----
+For many providers, these claims are included by default, but some providers require manual configuration.
-## (3) Provide your Client Credentials
+### Role Assignment (optional)
-After creating an OpenID Connect application, a Client ID and Client Secret will be provisioned for you by your Identity Provider. Enter these in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To enable this functionality, instruct the organization to add the `groups` claim to the user ID token in their OIDC provider settings. This claim should map to a list of the user's group memberships.
+> Finish role assignment set-up by navigating to the SSO connection page in the **Organizations** section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---
-## (4) Add Discovery Endpoint
+## (3) Obtain client credentials and discovery endpoint
+After the organization creates an OpenID Connect application, their identity provider will provision client credentials and a discovery endpoint.
-Your Identity Provider’s Discovery Endpoint contains important configuration information. Enter this in your connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/). Your Connection will then be verified and good to go!
+The discovery endpoint will always end with `/.well-known/openid-configuration` as described in the [OpenID Provider Configuration Request documentation](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest). You can confirm that the discovery endpoint is correct by entering it in a browser window. If there is a JSON object with metadata about the connection returned, the endpoint is correct.
-The OIDC discovery endpoint will always end with `/.well-known/openid-configuration` as described in the [OpenID Provider Configuration Request documentation](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest).
+In the WorkOS Dashboard, navigate to your connection settings. Paste the **Client ID**, **Client Secret**, and **Discovery Endpoint** values from the organization's IT team into their respective input fields. Click **Update connection**.
-You can confirm that the discovery endpoint is correct by entering it in a browser window. If there is a JSON object with metadata about the connection returned, the endpoint is correct.
+![Input the Client ID, Client Secret, and Discovery Endpoint in the WorkOS Dashboard](https://images.workoscdn.com/images/ed603b39-a06e-4c2f-b96f-7cadaa793be4.png?auto=format&fit=clip&q=50)

package/.docs/organized/docs/integrations/okta-oidc.mdx ADDED Viewed

@@ -0,0 +1,149 @@
+---
+title: Okta OIDC
+description: Learn how to configure a connection to Okta via OIDC.
+icon: okta
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/okta-oidc.mdx
+---
+## Introduction
+Each SSO identity provider requires specific information to create and configure a new [SSO connection](/glossary/connection). Often, the information required to create an SSO connection will differ by identity provider.
+To create an Okta OIDC SSO connection, you'll need four pieces of information: a [redirect URI](/glossary/redirect-uri), [client ID](/glossary/client-id), [client secret](/glossary/client-secret), and [discovery endpoint](/glossary/discovery-endpoint).
+Start by logging in to your WorkOS dashboard and navigate to the **Organizations** page from the left-hand navigation bar.
+Select the organization you'd like to configure an Okta OIDC SSO connection for, and select **Configure manually** under **Single Sign-On**.
+![WorkOS Dashboard Organizations tab with "Configure manually" button highlighted](https://images.workoscdn.com/images/d577cfbe-028b-48cf-8cc0-4cd5d3adf853.png?auto=format&fit=clip&q=50)
+Select **Okta OIDC** from the identity provider dropdown, enter a descriptive name for the connection, click **Create Connection**.
+![Create Connection form with Okta OIDC selected as Identity Provider](https://images.workoscdn.com/images/6e60c859-936e-4894-ac88-0524565ef8c8.png?auto=format&fit=clip&q=50)
+---
+## What WorkOS provides
+WorkOS provides the Redirect URI, which can be found in the **Service Provider Details** section on the SSO connection page in the [WorkOS Dashboard](https://dashboard.workos.com/).
+- [Redirect URI](/glossary/redirect-uri): The endpoint where identity providers send authentication responses after successful login
+![The Redirect URI of a OIDC connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/99a7c7d5-50a9-4bff-a3f3-22dc1cfeca58.png?auto=format&fit=clip&q=50)
+The Redirect URI is the location an identity provider redirects its authentication response to. In Okta's case, it needs to be set as the **Sign-in redirect URI** when configuring your OIDC application in their Okta instance.
+Specifically, the Redirect URI will need to be added to the **Sign-in redirect URIs** section in the **Create OpenID Connect Integration** wizard, which is outlined in [step 2](/integrations/okta-oidc/2-configure-the-integration).
+---
+## What you'll need
+You will need to obtain three pieces of information from the organization:
+- [Client ID](/glossary/client-id): Application identifier from the OIDC provider
+- [Client secret](/glossary/client-secret): Authentication secret for the application
+- [Discovery endpoint](/glossary/discovery-endpoint): Configuration URL containing OIDC metadata
+Normally, this information will come from the organization's IT Management team when they set up your application's OIDC configuration in their Okta admin dashboard. But, should that not be the case during your setup, the next steps will show you how to obtain it.
+---
+## (1) Create OIDC integration
+Log in to the Okta admin console, and select **Applications** in the left-hand sidebar.
+![Okta admin console navigation menu with Applications tab highlighted](https://images.workoscdn.com/images/d3e05208-2c35-4cba-a592-62aadf2752a1.png?auto=format&fit=clip&q=50)
+Click **Create App Integration**.
+![Okta Applications page with "Create App Integration" button](https://images.workoscdn.com/images/8059f5a3-0c46-45fb-a4db-30c13c0fc0de.png?auto=format&fit=clip&q=50)
+In the **Create a new app integration** dialog, select **OIDC - OpenID Connect** and **Web Application**.
+![Create app integration dialog with OIDC - OpenID Connect and Web Application selected](https://images.workoscdn.com/images/d6b2f9e8-42f4-4279-9adf-6954644a9758.png?auto=format&fit=clip&q=50)
+Click **Next**.
+---
+## (2) Configure the integration
+Enter a descriptive App name, then configure the Sign-in redirect URI.
+![OIDC app configuration form with app name field and sign-in redirect URI section](https://images.workoscdn.com/images/7ed6bf17-6839-48f2-b796-883b181c1e79.png?auto=format&fit=clip&q=50)
+Locate the **Sign-in redirect URIs** section and click **Add URI**. Copy the [Redirect URI](/integrations/okta-oidc/what-workos-provides) from the SSO connection page in your WorkOS Dashboard and paste it into this field.
+![Sign-in redirect URIs configuration with WorkOS redirect URI entered](https://images.workoscdn.com/images/fa2cc4f3-a11a-4612-8b58-4739385babac.png?auto=format&fit=clip&q=50)
+Scroll down to the **Assignments** section. Select **Limit access to selected groups** and assign the appropriate groups to the application. This can be edited later.
+![Assignments section with "Limit access to selected groups" option selected](https://images.workoscdn.com/images/743f90a9-aa9d-48a1-94e4-05b1743f9e81.png?auto=format&fit=clip&q=50)
+Click **Save**.
+---
+## (3) Obtain configuration details
+On the **General** tab, locate the **Client ID** and **Client secret**. Back in the WorkOS Dashboard, enter the client ID, and client secret into the respective fields in the **Identity Provider Configuration** section of the SSO connection.
+![Okta app General tab showing Client ID and Client secret fields](https://images.workoscdn.com/images/20ac0b30-2575-401c-973d-016c8a18efe9.png?auto=format&fit=clip&q=50)
+In the top right-hand navigation, click your user email and locate the **Okta tenant domain** which usually ends with `.okta.com`.
+Copy this value and define the discovery endpoint in the format: `https://{tenant-domain}/.well-known/openid-configuration`. Enter this URL in the **Discovery Endpoint** field in the WorkOS dashboard.
+![WorkOS Dashboard Identity Provider Configuration with client ID, client secret, and discovery endpoint fields](https://images.workoscdn.com/images/24179b09-b86d-46f8-9375-95b9ff9abd36.png?auto=format&fit=clip&q=50)
+Click **Save Configuration**.
+---
+## (4) Role assignment (optional)
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. Users will automatically be granted the assigned roles within your application when they authenticate. To enable this functionality:
+### Set groups claim in Okta
+Navigate to the **Sign On** tab of your OIDC application, locate the **Token Claims** section, click **Show legacy configuration** and click **Edit**.
+![Okta app Sign On tab with Claims section and Edit button](https://images.workoscdn.com/images/d699c5cb-c4f1-4299-acbe-7ed4cc1dfee9.png?auto=format&fit=clip&q=50)
+![Okta app Token Claims section and Show legacy configuration section](https://images.workoscdn.com/images/b3b44868-5761-4b74-bd5a-e653b017eba7.png?auto=format&fit=clip&q=50)
+Set the **Groups claim type** to **Filter**. Define the **Groups claim filter** as `groups` and set a filter to match the appropriate Okta groups. To match all groups, use the regex `.*` as shown below.
+![Okta app Legacy group claims configuration](https://images.workoscdn.com/images/3dc662e0-e62d-478b-9de0-4f5666ccea56.png?auto=format&fit=clip&q=50)
+### Configure role assignment in WorkOS
+In Okta, navigate to the **Assignments** tab in the application. Locate the **Filters** sidebar, click on **Groups** to filter and display all the assigned groups available to map.
+![Okta dashboard showing assigned groups](https://images.workoscdn.com/images/17d32c5b-fc4b-458b-98f6-99c774af1522.png?auto=format&fit=clip&q=50)
+From the SSO connection page in the [WorkOS Dashboard](https://dashboard.workos.com/), scroll to the **Groups and role assignments** section.
+![WorkOS dashboard highlighting create group button](https://images.workoscdn.com/images/c29ef1a7-d873-49f6-ad43-8c945245a033.png?auto=format&fit=clip&q=50)
+For each group you want to assign a role, click the **Create group** button and enter the following:
+1. Copy the group name from Okta into the **IdP Group ID** field.
+2. Optionally, enter a group name into the **Name** field.
+3. Assign the appropriate role to the group.
+![WorkOS dashboard with open create group dialog and idp_id, name, and role assignment inputs](https://images.workoscdn.com/images/d542c8c3-e032-41a6-ae72-c8dc586ec88d.png?auto=format&fit=clip&q=50)
+> Group members without an explicit role will receive the default role.
+---
+## Next steps
+Your Okta OIDC connection is now configured and ready to use. Users assigned to the application in Okta will be able to authenticate through WorkOS using their Okta credentials.
+To start using this connection in your application, refer to the [SSO guide](/sso) for implementation details.

package/.docs/organized/docs/integrations/okta-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: Okta SAML
-description: "Learn how to configure a connection to\_Okta via SAML."
+description: Learn how to configure a connection to Okta via SAML.
 icon: okta
 breadcrumb:
   title: Integrations
@@ -20,7 +20,7 @@ Select the organization you’d like to configure an Okta Connection for, and se
 ![A screenshot showing where to find "Manually Configure Connection" in the WorkOS Dashboard.](https://images.workoscdn.com/images/9270090d-4f59-4b7b-95e9-1132a6bee872.png?auto=format&fit=clip&q=50)
-Select “Okta” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
+Select “Okta SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
 ![A screenshot showing "Create Connection" details in the WorkOS Dashboard.](https://images.workoscdn.com/images/287303da-4bbd-433b-bdd2-06f5002dd5ca.png?auto=format&fit=clip&q=50)
@@ -101,7 +101,7 @@ Scroll down to the Group Attribute Statements configuration. The Name should be
 ![A screenshot showing the "Groups Attribute Statement" configuration in the Okta Dashboard.](https://images.workoscdn.com/images/723c0734-a8cc-4903-a90d-273dfe282886.png?auto=format&fit=clip&q=50)
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---

package/.docs/organized/docs/integrations/okta-scim.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: Okta SCIM
-description: "Learn about syncing your user list with\_Okta SCIM."
+description: Learn about syncing your user list with Okta SCIM.
 icon: okta
 breadcrumb:
   title: Integrations
@@ -109,7 +109,7 @@ Click “Save”.
 ## (5) Assign users and groups to your application
-To assign users to the SAML Application, navigate to the “Assignments” tab, from the “Assign” dropdown, select “Assign to People”.
+To assign users to the SCIM Application, navigate to the “Assignments” tab, from the “Assign” dropdown, select “Assign to People”.
 ![A screenshot showing where to select "Assign to People" in the "Assign" dropdown in the "Assignments" tab in Okta.](https://images.workoscdn.com/images/ad17bd85-3a0c-4bda-b2af-001c3451ea75.png?auto=format&fit=clip&q=50&w=1080)
@@ -208,3 +208,7 @@ Deactivating or Deleting a User in Okta will result in a `inactive` status in co
 For more details, please refer to Okta's official documentation
 [User Suspension](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-suspend.htm)
 [User Deactivation and Deletion](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-deactivate-user-account.htm).
+### What is the `idp_id` for directory groups from Okta?
+Okta only provides a group display name as a group identifier, so this display name is persisted as the `idp_id` and `name` for [directory groups](/reference/directory-sync/directory-group) in WorkOS.

package/.docs/organized/docs/integrations/onelogin-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: OneLogin SAML
-description: "Learn how to configure a connection to\_OneLogin via SAML."
+description: Learn how to configure a connection to OneLogin via SAML.
 icon: onelogin
 breadcrumb:
   title: Integrations
@@ -108,7 +108,7 @@ Map the `groups` field to the attribute in OneLogin containing a user’s group
 ![A screenshot showing how to map the groups parameter in the OneLogin Dashboard.](https://images.workoscdn.com/images/a70cf3c0-3d41-41d7-9c30-ee81ad497acb.png?auto=format&fit=clip&q=50)
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---

package/.docs/organized/docs/integrations/onelogin-scim.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: OneLogin SCIM
-description: "Learn about syncing your user list with\_OneLogin SCIM."
+description: Learn about syncing your user list with OneLogin SCIM.
 icon: onelogin
 breadcrumb:
   title: Integrations

package/.docs/organized/docs/integrations/oracle-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: Oracle SAML
-description: "Learn how to configure a connection to\_Oracle via SAML."
+description: Learn how to configure a connection to Oracle via SAML.
 icon: oracle
 breadcrumb:
   title: Integrations
@@ -59,7 +59,7 @@ Ensure the following attribute mapping is set:
 With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---

package/.docs/organized/docs/integrations/pingfederate-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: PingFederate SAML
-description: "Learn how to configure a connection to\_PingFederate via SAML."
+description: Learn how to configure a connection to PingFederate via SAML.
 icon: ping-identity
 breadcrumb:
   title: Integrations
@@ -88,7 +88,7 @@ Then, navigate to the "Attribute Contract Fulfillment" page and map the new `gro
 ![A screenshot showing a mapped groups attribute in the Attribute Contract Fulfillment area in PingFederate.](https://images.workoscdn.com/images/6115e8ae-c34e-4131-9d94-e6adfd94e9c1.png?auto=format&fit=clip&q=50)
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---

package/.docs/organized/docs/integrations/pingfederate-scim.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: PingFederate SCIM
-description: "Learn about syncing your user list with\_PingFederate SCIM."
+description: Learn about syncing your user list with PingFederate SCIM.
 icon: ping-identity
 breadcrumb:
   title: Integrations

package/.docs/organized/docs/integrations/pingone-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: PingOne SAML
-description: "Learn how to configure a connection to\_PingOne via SAML."
+description: Learn how to configure a connection to PingOne via SAML.
 icon: ping-identity
 breadcrumb:
   title: Integrations
@@ -67,7 +67,7 @@ Select the `+ Add` button once. To return the names of all groups a user is a me
 Add a new `groups` attribute mapped to the "Group Names" PingOne attribute.
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---

package/.docs/organized/docs/integrations/rippling-saml.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: Rippling SAML
-description: "Learn how to configure a connection to\_Rippling via SAML."
+description: Learn how to configure a connection to Rippling via SAML.
 icon: rippling
 breadcrumb:
   title: Integrations
@@ -145,7 +145,7 @@ Select the attribute values to map to the group attribute. The example below sho
 ![A screenshot showing how to map the group attribute for Admins in the Rippling dashboard.](https://images.workoscdn.com/images/5a113ba9-0874-4574-95ab-a7e462dd856a.png?auto=format&fit=clip&q=80)
-> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the IdP Group ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
 ---

package/.docs/organized/docs/integrations/rippling-scim.mdx CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 title: Rippling SCIM
-description: "Learn about syncing your user list with\_Rippling SCIM v2.0."
+description: Learn about syncing your user list with Rippling SCIM v2.0.
 icon: rippling
 breadcrumb:
   title: Integrations

package/.docs/organized/docs/integrations/sailpoint-scim.mdx ADDED Viewed

@@ -0,0 +1,77 @@
+---
+title: SailPoint SCIM
+description: Learn about syncing users with SailPoint SCIM
+icon: sailpoint
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/sailpoint-scim.mdx
+---
+## Introduction
+To set up a SailPoint SCIM v2.0 directory sync connection, you'll need to provide the organization's IT team with specific configuration details from WorkOS. This allows their SailPoint SCIM server to synchronize users and groups with your application.
+---
+## What WorkOS provides
+When setting up a SailPoint SCIM directory sync connection, WorkOS provides two key pieces of information that you'll need to share with the organization:
+- [Endpoint](/glossary/endpoint): The URL where the SailPoint SCIM server will send requests
+- [Bearer Token](/glossary/bearer-token): Authentication credentials for the endpoint requests
+Both of these are available in the **Directory details** section of the directory sync connection in the [WorkOS Dashboard](https://dashboard.workos.com/).
+![The WorkOS dashboard, highlights the directory details card with filled endpoint and bearer token inputs](https://images.workoscdn.com/images/1ae8c088-07d6-4512-9abf-1adec38f6b0b.png?auto=format&fit=clip&q=50)
+These settings enable the organization's SailPoint SCIM server to securely send user and group data to your application through WorkOS.
+---
+## What you will need
+The organization's IT team will handle the SailPoint SCIM server configuration on their end. You simply need to provide them with the endpoint URL and bearer token from the WorkOS Dashboard.
+Typically, the organization's IT team will use these values to configure your application within their SailPoint SCIM server or identity provider admin dashboard.
+---
+## (1) Set up your directory sync endpoint
+Login to the [WorkOS Dashboard](https://dashboard.workos.com/).
+In the left navigation menu, select the **Organizations** tab. Select the appropriate organization for which you will enable a SailPoint SCIM directory sync connection.
+On the organization's page, scroll down to the **Directory Sync** section. Click **Configure manually**.
+![WorkOS Dashboard showing directory sync card with configure manually button highlighted](https://images.workoscdn.com/images/ebf08eb3-a698-4498-adde-1b551ab0f519.png?auto=format&fit=clip&q=50)
+Select **SailPoint** as the directory type. Input an appropriate name for the connection. Click **Create Directory**.
+![The WorkOS Dashboard with a create directory dialog showing directory type and name inputs](https://images.workoscdn.com/images/aa5a17d9-0990-4af6-a61f-1640658650e1.png?auto=format&fit=clip&q=50)
+The directory sync connection will now display the endpoint for the SailPoint SCIM server and the bearer token.
+> We have support for custom labeled URLs for directory sync endpoints. [Contact us](mailto:support@workos.com) for more info!
+---
+## (2) Provide SailPoint SCIM configuration to the organization
+Copy the **Endpoint** and **Bearer Token** from the **Directory details** section on the directory page of the WorkOS Dashboard.
+Provide these values to the organization's IT team so they can configure the application within their SailPoint SCIM server or identity provider admin dashboard:
+- **Endpoint URL**: The destination where their SailPoint SCIM server will send user and group data
+- **Bearer Token**: Authentication credentials for secure communication
+Once the organization has configured these values in their SailPoint SCIM server, your application will be ready to receive real-time user and group synchronization.
+---
+## (3) Assign users and groups to your application
+Now, whenever the organization assigns users or groups to your application in their directory, you'll receive real-time dashboard updates based on changes in their system.
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync).