@workos/mcp-docs-server 0.1.0

package/.docs/organized/docs/integrations/okta-scim.mdx

@@ -0,0 +1,210 @@
+---
+title: Okta SCIM
+description: "Learn about syncing your user list with\_Okta SCIM."
+icon: okta
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/okta-scim.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s Okta directories using SCIM.
+
+To synchronize an organization’s users and groups provisioned for your application, you’ll need to provide the organization with two pieces of information:
+
+- An [Endpoint](/glossary/endpoint) that Okta will make requests to.
+- A [Bearer Token](/glossary/bearer-token) for Okta to authenticate its endpoint requests.
+
+After completing step 1 below, both of these are available in your Endpoint’s Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+> The rest of the steps below will need to be carried out by the organization when configuring your application in their Okta instance.
+
+---
+
+## (1) Set up your Directory Sync endpoint
+
+Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.
+
+Select the organization you’ll be configuring a new Directory Sync with.
+
+Scroll to the “User provisioning“ section. Then, click ”Configure manually“ within the ”Directory Sync” section.
+
+![A screenshot showing where to click "Configure manually" in the WorkOS dashboard.](https://images.workoscdn.com/images/a700462c-afd2-4c12-a6cb-59bfc0d34c13.png?auto=format&fit=clip&q=50)
+
+Select “Okta” from the Directory Provider dropdown and provide the Name for the Directory Sync connection. Then, click “Create Directory”.
+
+![A screenshot showing where to name and create an Okta directory in the WorkOS dashboard.](https://images.workoscdn.com/images/7e564f43-2328-4c0d-a9ab-b7cf3ec7dbeb.png?auto=format&fit=clip&q=50)
+
+You’ll see WorkOS has created the Endpoint and Bearer Token which you will provide to Okta in the steps below.
+
+![A screenshot showing the Okta directory details in the WorkOS dashboard.](https://images.workoscdn.com/images/de45d3de-7ffc-46e0-b61c-4e8b1b9fce2e.png?auto=format&fit=clip&q=50)
+
+> We have support for custom labeled URLs for Directory Sync endpoints. [Contact us](mailto:support@workos.com) for more info!
+
+---
+
+## (2) Select or create your Okta application
+
+Log in to [Okta](https://login.okta.com/), go to the Okta admin dashboard and select “Applications” in the navigation bar.
+
+![A screenshot showing where to select "Applications" in Okta.](https://images.workoscdn.com/images/81f7f92f-9cc1-441d-b270-6a7c794122c1.png?auto=format&fit=clip&q=50)
+
+If your application is already created, select it from the list of applications and move to Step 3.
+
+![A screenshot showing where to select an already created application in Okta.](https://images.workoscdn.com/images/98447a34-3e6a-404d-8419-b9f105657d1d.png?auto=format&fit=clip&q=50)
+
+If you haven’t created a SCIM application in Okta, select “Browse App Catalog”.
+
+![A screenshot showing where to select "Browse App Catalog" in Okta.](https://images.workoscdn.com/images/312382ac-4381-4a9b-9407-3bd5d1655a3e.png?auto=format&fit=clip&q=50)
+
+From your Okta Application dashboard, search for “SCIM 2.0 Test App (OAuth Bearer Token)” and select the corresponding result.
+
+![A screenshot showing where to search for "SCIM 2.0 Test App (OAuth Bearer Token)" in the App Integration Catalog in Okta.](https://images.workoscdn.com/images/12e0e6f9-1de0-49f7-95ba-960c0512387c.png?auto=format&fit=clip&q=50&w=1080)
+
+On the following page, click “Add Integration”.
+
+![A screenshot showing where to click "Add" in the SCIM 2.0 Test App (OAuth Bearer Token) overview page in Okta.](https://images.workoscdn.com/images/553af5dc-242b-4cf5-86e1-fe570f7b7acf.png?auto=format&fit=clip&q=50&w=1200)
+
+Enter a descriptive App name, then click “Next”.
+
+![A screenshot showing where to enter a name in the "Application label" field in Okta.](https://images.workoscdn.com/images/18c46d9e-e177-46b4-a462-c302b284daed.png?auto=format&fit=clip&q=50&w=1080)
+
+Many applications will work with the default configuration that is set on your new application. If you require any additional configuration for your directory such as configuring Attribute Statements, do so on the Sign-On Options page. Click “Done” to complete creating your application.
+
+---
+
+## (3) Configure your Okta provisioning API integration
+
+In your application’s Enterprise Okta admin panel, click the “Provisioning” tab. Then, click “Configure API Integration”.
+
+![A screenshot showing where to navigate to the "Provisioning" tab to click "Configure API Integration" in Okta.](https://images.workoscdn.com/images/b78d814a-b58d-47df-9523-0bff7e7b2a42.png?auto=format&fit=clip&q=50&w=1080)
+
+Check “Enable API Integration”. After that, copy and paste the Endpoint from your [WorkOS Dashboard](https://dashboard.workos.com/) in the SCIM 2.0 Base URL field.
+
+Then, copy and paste the Bearer Token from your [WorkOS Dashboard](https://dashboard.workos.com/) into the OAuth Bearer Token field.
+
+Click “Test API Credentials”, and then click “Save”.
+
+![A screenshot showing where to configure the provisioning credentials in the "Provisioning" tab in Okta.](https://images.workoscdn.com/images/dbeae5e9-e0b8-402a-9330-4a9eaf82f05b.png?auto=format&fit=clip&q=50)
+
+The provisioning tab will now show a new suite of options which we’ll utilize in the next Guide Section to continue provisioning your application.
+
+---
+
+## (4) Select options to provision to your application
+
+In the “To App” navigation section, check to enable:
+
+- Create Users
+- Update User Attributes
+- Deactivate Users
+
+Click “Save”.
+
+![A screenshot showing where to enable "Create Users", "Update User Attributes", and "Deactivate Users" in the "To App" tab in Okta.](https://images.workoscdn.com/images/a148a5b7-9685-4034-b871-7f0908764617.png?auto=format&fit=clip&q=50&w=1080)
+
+---
+
+## (5) Assign users and groups to your application
+
+To assign users to the SAML Application, navigate to the “Assignments” tab, from the “Assign” dropdown, select “Assign to People”.
+
+![A screenshot showing where to select "Assign to People" in the "Assign" dropdown in the "Assignments" tab in Okta.](https://images.workoscdn.com/images/ad17bd85-3a0c-4bda-b2af-001c3451ea75.png?auto=format&fit=clip&q=50&w=1080)
+
+Select users you’d like to provision and select “Assign”.
+
+![A screenshot showing where to select "Assign" for specific users in Okta.](https://images.workoscdn.com/images/24edda3d-d8ea-4b4c-8bc4-23ff389baca9.png?auto=format&fit=clip&q=50&w=1080)
+
+When you click “Assign” a lengthy form will open where you can populate all of the user’s metadata. Confirm the metadata fields, scroll down to the bottom, and press “Save and Go Back”. Repeat this for all users and select “Done”.
+
+![A screenshot showing where to select "Save and Go Back" to complete user assignment in Okta.](https://images.workoscdn.com/images/f91bc47f-f734-453a-8bba-f3cf92d13c9e.png?auto=format&fit=clip&q=50&w=1080)
+
+To push groups in order to sync group membership, navigate to the “Push Groups” tab, from the “Push Groups” dropdown, select: “Find groups by name”.
+
+<OktaIntegrationCautionBlock />
+
+![A screenshot showing where to select "Find groups by name" in the "Push Groups" dropdown in the "Push Groups" tab in Okta.](https://images.workoscdn.com/images/0640cdd8-631e-4f7c-9483-c3f00f93be2f.png?auto=format&fit=clip&q=50&w=1080)
+
+Search for the group you’d like to push and select it. Make sure the box is checked for “Push Immediately” and click “Save”.
+
+![A screenshot showing where to search for groups to push in the "Push Groups" tab in Okta.](https://images.workoscdn.com/images/5ac81a96-1849-4c5b-8833-fa6a110e3da9.png?auto=format&fit=clip&q=50&w=1080)
+
+In the WorkOS dashboard, you should now see the users and groups synced over.
+
+![A screenshot showing a successfully synced user from an Okta directory in the WorkOS dashboard.](https://images.workoscdn.com/images/3bcbe3b4-e17c-40ac-8dcd-f098b52d8e8a.png?auto=format&fit=clip&q=50)
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+
+---
+
+## Configuring user attribute mappings
+
+For any non-standard attributes used by the application, some configuration may be required in Okta. Below is a guide on configuring user attribute mappings, so they propagate via SCIM.
+
+### (1) Viewing application attributes
+
+From the Okta administrator portal, navigate to Directory → Profile Editor, and find the application for which you'd like to edit mappings.
+
+![Okta profile editor](https://images.workoscdn.com/images/6c58b92b-233c-4329-af2e-d024d7715081.png?auto=format&fit=clip&q=50)
+
+Clicking into the application will bring you to a Profile Editor page:
+
+![Okta application profile editor](https://images.workoscdn.com/images/b68c705c-b08d-4d7c-a923-41e0cf7cbfed.png?auto=format&fit=clip&q=50)
+
+You'll likely see several attributes listed, which are scoped to the application. If you see an attribute listed you're looking to map to an application, there's no need to create a new attribute and you can skip to [step 3](/integrations/okta-scim/configuring-user-attribute-mappings/3-mapping-an-attribute).
+
+### (2) Adding an attribute
+
+If a desired attribute is missing from your application, click the "Add Attribute" button to create a new attribute.
+
+![Okta profile editor add attribute](https://images.workoscdn.com/images/34a7d5da-885c-481a-b44d-60f631c7711c.png?auto=format&fit=clip&q=50)
+
+Enter a display name and variable name of your choosing, and ensure the external name matches the key required by the third-party application. For example, if the third-party application pulls the manager value from `manager.value`, the external name should be `manager.value`.
+
+For attributes included as part of the SCIM enterprise extension, enter the external namespace as `urn:ietf:params:scim:schemas:extension:enterprise:2.0:User`.
+
+![Okta add attribute dialog](https://images.workoscdn.com/images/d4a7cff9-0226-4462-ab11-c086b4b4533e.png?auto=format&fit=clip&q=50)
+
+Once you’ve entered the required information, click "Save".
+
+### (3) Mapping an attribute
+
+To map Okta user profile attributes to your application users, click on the “Mappings” button.
+
+![Okta profile editor mappings](https://images.workoscdn.com/images/542ba367-6147-4ea5-bb18-4d55e13232ea.png?auto=format&fit=clip&q=50)
+
+Mappings can be bidirectional, either from the application to the Okta user or from the Okta user to the application. This guide will focus on mapping from the Okta user to the application. Click the "Okta User to (name of application)" tab.
+
+![Okta to application mapping tab](https://images.workoscdn.com/images/de8218c4-b96b-4761-85e9-6843b200e445.png?auto=format&fit=clip&q=50)
+
+Find the name of the attribute you’d like to map in the right column. In the corresponding row's left column, enter the name of the Okta user profile attribute you’d like to map over. For example, if you’re looking to map manager email in the application, select `managerId` in the left column.
+
+![Okta mapping select attribute](https://images.workoscdn.com/images/97fafcf8-0845-4e09-8699-7ec5560255ce.png?auto=format&fit=clip&q=50)
+
+Ensure the apply mappings setting is set to "Apply mapping on user create and update".
+
+![Okta apply mappings selection](https://images.workoscdn.com/images/d1a3c86a-36e9-49ba-bf5a-7538c0992aa5.png?auto=format&fit=clip&q=50)
+
+Once your mappings are configured, click "Save Mappings" and "Apply updates now". These new attribute mappings will now propagate to the application.
+
+## Frequently asked questions
+
+### When a user is assigned to the SCIM app via a group, I don’t see a user removed webhook if the user is removed from the group – is this expected?
+
+It is a known issue with Okta SCIM that if a user is assigned to a SCIM app via a group, you won’t see a `dsync.group.user_removed` event if the user is removed from the group. This is a limitation in Okta, where group memberships are not updated in this case. The user needs to be assigned directly to the SCIM app, and the group needs to be pushed in the SCIM app. If those two conditions are met, Okta will send the correct group membership updates.
+
+### How often do the Okta SCIM 2.0 directories perform a sync?
+
+The Okta SCIM 2.0 directory syncs events in real time.
+
+### Why is a user suspended in Okta still active in WorkOS?
+
+Suspending a User in Okta will only affect their login and will not alter their status in any connected applications.
+
+Deactivating or Deleting a User in Okta will result in a `inactive` status in connected applications (i.e., WorkOS).
+
+For more details, please refer to Okta's official documentation
+[User Suspension](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-suspend.htm)
+[User Deactivation and Deletion](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-deactivate-user-account.htm).

package/.docs/organized/docs/integrations/onelogin-saml.mdx

@@ -0,0 +1,131 @@
+---
+title: OneLogin SAML
+description: "Learn how to configure a connection to\_OneLogin via SAML."
+icon: onelogin
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/onelogin-saml.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a Connection will differ by Identity Provider.
+
+To create an OneLogin SAML Connection, you’ll need three pieces of information: an [ACS URL](/glossary/acs-url), an [SP Entity ID](/glossary/sp-entity-id), and the [OneLogin SAML Metadata file](/glossary/idp-metadata).
+
+Start by logging into your [WorkOS Dashboard](https://dashboard.workos.com/) and selecting “Organizations” from the left hand navigation bar.
+
+Click on the organization you’d like to configure a OneLogin SAML connection for and select “Manually Configure Connection”.
+
+![A screenshot showing where to find “Manually Configure Connection” for an Organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/9013d473-bfeb-4078-865b-7d40bc853748.png?auto=format&fit=clip&q=50)
+
+Select “OneLogin SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
+
+![A screenshot showing how to create a connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/15df7299-f83b-4f48-be6b-b2ab6bfe228c.png?auto=format&fit=clip&q=50)
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the [ACS URL](/glossary/acs-url) and [SP Entity ID](/glossary/sp-entity-id). They are readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. In OneLogin’s case, it needs to be set by the organization when configuring your application in their OneLogin instance.
+
+The SP Entity ID is a URI used to identify the issuer of a SAML request and the audience of a SAML response. In this case, the SP Entity ID is used to communicate that WorkOS will be the party performing SAML requests to the organization's OneLogin instance, and that WorkOS is the intended audience of the SAML responses from the OneLogin instance.
+
+![A screenshot showing where to find the ACS URL and SP Entity ID in the WorkOS Dashboard.](https://images.workoscdn.com/images/5b7bc86b-bdcb-4ac5-a76a-a508e2d6ec0a.png?auto=format&fit=clip&q=50)
+
+---
+
+## What you’ll need
+
+Next, provide the [OneLogin SAML Metadata file](/glossary/idp-metadata).
+
+Normally, this will come from the organization's IT Management team when they set up your application’s SAML 2.0 configuration in their OneLogin admin dashboard. But, should that not be the case during your setup, the next steps will show you how to obtain it.
+
+![A screenshot showing the “Edit Metadata Configuration” button in the WorkOS Dashboard.](https://images.workoscdn.com/images/017ac221-c3bf-40bd-8606-a04c1d41c377.png?auto=format&fit=clip&q=50)
+
+---
+
+## (1) Log in
+
+Log in to [OneLogin](https://app.onelogin.com/login), go to the admin dashboard, and select “Applications” in the navigation bar.
+
+![A screenshot showing the "Applications" button in the OneLogin Dashboard.](https://images.workoscdn.com/images/6d7cdbdf-29aa-4076-aeb3-1d055a6e76ce.png?auto=format&fit=clip&q=50)
+
+---
+
+## (2) Select your application
+
+Select your application from the list of applications.
+
+![A screenshot showing your application selection in the OneLogin Dashboard.](https://images.workoscdn.com/images/0d165d03-b73d-4e39-a85d-c81d27affd60.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Configure application
+
+Select “Configuration” from the left-hand navigation:
+
+- Enter the SP Entity ID as the Audience (EntityID) e.g. `https://auth.workos.com/wz5SpShhRIcSEyMM`
+- Enter the ACS URL as the Recipient e.g. `https://auth.workos.com/sso/saml/acs/wz5SpShhRIcSEyMM`
+- Enter your ACS URL Validator e.g. `^https:\/\/auth\.workos\.com\/sso\/saml\/acs\/wz5SpShhRIcSEyMM$`
+- Enter your ACS URL e.g. `https://auth.workos.com/sso/saml/acs/wz5SpShhRIcSEyMM`
+- Enter your application’s login URL
+
+![A screenshot showing how to configure URLs in your OneLogin SAML Application within the OneLogin Dashboard.](https://images.workoscdn.com/images/c9c6e8c0-fece-49c0-a72f-9bb9e087cb66.png?auto=format&fit=clip&q=50)
+
+- Select “Service Provider” from the “SAML Initiator” dropdown menu
+- Select “Assertion” from the “SAML Signature Element” dropdown menu
+
+![A screenshot showing SAML Configuration in the SAML Application within the OneLogin Dashboard.](https://images.workoscdn.com/images/6beae398-67d7-4a3e-91cd-52e669af9ffa.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Set up attribute mapping parameters
+
+Select “Parameters” from the left-hand navigation and add the following field-value parameter pairs:
+
+- `email` → `Email`
+- `firstName` → `First Name`
+- `id` → `UUID`
+- `lastName` → `Last Name`
+
+Check the “Include in SAML assertion” flag for each pair.
+
+![A screenshot showing how to configure SAML Attribute Mapping in OneLogin Dashboard.](https://images.workoscdn.com/images/de9efebf-5767-4547-8877-02560c185b5b.png?auto=format&fit=clip&q=50)
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, follow the guidance below.
+
+Add a new parameter, and set the "Field name" to `groups`. Under "Flags", click the checkboxes for both "Include in SAML assertion" and "Multi-value parameter".
+
+![A screenshot showing where to add a groups parameter in the OneLogin Dashboard.](https://images.workoscdn.com/images/c29bb81b-3d04-4adf-8dd9-944f7ccbbc14.png?auto=format&fit=clip&q=50)
+
+Map the `groups` field to the attribute in OneLogin containing a user’s group membership, such as "MemberOf", shown in the example below. For more information on sending group information, refer to the [OneLogin documentation](https://onelogin.service-now.com/support?id=kb_article&sys_id=6561990adb5374101c167e77f496191d).
+
+![A screenshot showing how to map the groups parameter in the OneLogin Dashboard.](https://images.workoscdn.com/images/a70cf3c0-3d41-41d7-9c30-ee81ad497acb.png?auto=format&fit=clip&q=50)
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (5) Upload Metadata File
+
+Select “SSO” from the left-hand navigation.
+
+Select the “More Actions” dropdown and click on “SAML Metadata”. This will download an XML metadata file.
+
+![A screenshot showing how to download Metadata File in OneLogin Dashboard.](https://images.workoscdn.com/images/9a6cfe8d-62a7-4d2a-a1af-d57b3c02eb2e.png?auto=format&fit=clip&q=50)
+
+In the Connection Settings of the WorkOS Dashboard, click “Edit Metadata Configuration”.
+
+![A screenshot showing the “Edit Metadata Configuration” button in the WorkOS Dashboard. ](https://images.workoscdn.com/images/017ac221-c3bf-40bd-8606-a04c1d41c377.png?auto=format&fit=clip&q=50)
+
+In the modal that pops up, upload the OneLogin Metadata file and then select “Save Metadata Configuration”.
+
+![A screenshot showing the pop-up after clicking the “Edit Metadata Configuration” button in the WorkOS Dashboard.](https://images.workoscdn.com/images/cb8e0b46-b7e0-47e4-81cf-20601612b31e.png?auto=format&fit=clip&q=50)
+
+Once the file has uploaded, your Connection will then be linked and good to go!

package/.docs/organized/docs/integrations/onelogin-scim.mdx

@@ -0,0 +1,150 @@
+---
+title: OneLogin SCIM
+description: "Learn about syncing your user list with\_OneLogin SCIM."
+icon: onelogin
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/onelogin-scim.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s OneLogin directories using SCIM.
+
+To synchronize an organization’s users and groups provisioned for your application, you’ll need to provide the organization with two pieces of information:
+
+- An [Endpoint](/glossary/endpoint) that OneLogin will make requests to.
+- A [Bearer Token](/glossary/bearer-token) for OneLogin to authenticate its endpoint requests.
+
+Both of these are available in your Endpoint’s Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+> Steps 2, 3, and 4 below will need to be carried out by the organization when configuring your application in their OneLogin instance.
+
+---
+
+## (1) Set up your directory sync endpoint
+
+Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.
+
+Select the Organization you’ll be configuring a new Directory Sync for.
+
+Click “Add Directory”.
+
+![A screenshot showing where to find “Add Directory” in the WorkOS Dashboard.](https://images.workoscdn.com/images/2c4f3933-c473-458b-97be-ea22c70f84f0.png?auto=format&fit=clip&q=50)
+
+Select “OneLogin” from the dropdown and enter the organization name.
+
+Then, click “Create Directory.”
+
+![A screenshot showing "Create Directory" details in the WorkOS Dashboard.](https://images.workoscdn.com/images/0e8ef0ef-5030-46c1-a0fa-65540bc67dc5.png?auto=format&fit=clip&q=50)
+
+Your OneLogin directory sync has now been created successfully with an Endpoint and Bearer Token.
+
+![A screenshot showing where to find the "Endpoint" and "Bearer Token" for an organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/7bad6045-0611-4c6d-8d11-754f3d878bbb.png?auto=format&fit=clip&q=50)
+
+> We have support for custom labeled URLs for Directory Sync endpoints. [Contact us](mailto:support@workos.com) for more info!
+
+---
+
+## (2) Select or create your OneLogin application
+
+Log in to the OneLogin admin dashboard, select the “Applications” tab at the top. If the application has already been created, select it and move to step 3. Otherwise, select “Add App”.
+
+![A screenshot showing where to select "Add App" in OneLogin](https://images.workoscdn.com/images/c5f77445-e09f-4e21-8911-a240e6deee26.png?auto=format&fit=clip&q=50)
+
+Search for “SCIM” in the text field and select the Application with type “SCIM Provisioner with SAML (SCIM V2 Enterprise)”.
+
+![A screenshot showing where to search for “SCIM” and select the application “SCIM Provisioner with SAML (SCIM V2 Enterprise)”](https://images.workoscdn.com/images/a47d721e-db6f-490b-b3e0-9ac284bd3464.png?auto=format&fit=clip&q=50)
+
+Give your Application a descriptive Display Name and hit “Save”.
+
+![A screenshot showing where to add a "Display Name" to your App in OneLogin](https://images.workoscdn.com/images/4dd4042a-847e-4fde-b835-750a2f0c5644.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Configure your integration
+
+Within the SCIM Application, select the “Configuration” tab on the left.
+
+Copy and paste the Endpoint from your [WorkOS Dashboard](https://dashboard.workos.com/) into the “SCIM Base URL” field.
+
+Then, copy and paste the Bearer Token from your [WorkOS Dashboard](https://dashboard.workos.com/) into the “SCIM Bearer Token” field.
+
+Hit “Enable” under “API Status” and then hit “Save”.
+
+![A screenshot showing where to select the "Configure" tab and input your "SCIM Base URL" and "SCIM Bearer Token" in your SCIM App in OneLogin](https://images.workoscdn.com/images/12411c31-4662-4da1-9e94-7348e46ddc50.png?auto=format&fit=clip&q=50)
+
+Select the “Provisioning” tab on the left. Check the “Enable provisioning” box and hit “Save”.
+
+![A screenshot showing where to select "Provisioning" tab select "Enable Provisioning" in OneLogin](https://images.workoscdn.com/images/94f76ad5-30ad-4d65-a3c7-6a18ec0e0683.png?auto=format&fit=clip&q=50&w=2048)
+
+Select the “Parameters” tab on the left. Then select “Groups”.
+
+![A screenshot showing where to select the "Parameters" then select the "Groups" in OneLogin SCIM App](https://images.workoscdn.com/images/54c10855-69e5-4484-8ccd-44f2fe89baf3.png?auto=format&fit=clip&q=50)
+
+In the modal that pops up, check the box next to “Include in User Provisioning” and hit “Save”.
+
+![A screenshot showing how to select "Include in User Provisioning" in the "Parameters" tab in OneLogin](https://images.workoscdn.com/images/09795f59-f7c0-4b04-97d5-9044fb05d987.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Assign users and groups to your application
+
+In order for your users and groups to be synced, you will need to assign them to your OneLogin Application. Select “Users” from the top navigation menu.
+
+Next, find a user you’d like to provision to the SCIM app. Within that user profile, select the “Applications” tab on the left. Then, click the “+” symbol.
+
+![A screenshot showing where to select "+" in the "Applications" tab in OneLogin](https://images.workoscdn.com/images/ee1e01fa-26f3-49e1-8515-3fedfbdee14b.png?auto=format&fit=clip&q=50)
+
+Select the appropriate app and hit “Continue”.
+
+![A screenshot showing how to select SCIM App to assign OneLogin User](https://images.workoscdn.com/images/f00d45d9-7128-43dd-8bdb-cc48e7eebf7b.png?auto=format&fit=clip&q=50)
+
+Select “Save” in the next modal to confirm the change.
+
+![A screenshot showing how to save User Assignment in OneLogin](https://images.workoscdn.com/images/e9e5ef85-5efb-4b71-8283-e8d570f3103e.png?auto=format&fit=clip&q=50)
+
+There are many ways to provision groups in OneLogin. Below is one method that we recommend, but other methods can be used.
+
+In the top navigation, Select “Users” and then “Roles” from the dropdown. Select “New Role”.
+
+![A screenshot showing how to create a "New Role" in OneLogin](https://images.workoscdn.com/images/ecb269b5-bfe0-41f7-b73f-11a152ac0197.png?auto=format&fit=clip&q=50)
+
+Give the Role a name (this will be the name of the group), select the appropriate SCIM application, and hit “Save”.
+
+![A screenshot showing how to configure and save the "Role" in OneLogin](https://images.workoscdn.com/images/9924f509-c60a-47b5-ae30-017c361d1b55.png?auto=format&fit=clip&q=50)
+
+Click the “Users” tab for the role. Search for any users you’d like to assign to that role and hit “Add To Role”. Then hit “Save”.
+
+![A screenshot showing how to add Users to "Role" in OneLogin](https://images.workoscdn.com/images/b4a4be2a-f75f-4dfe-adb9-dea585be0fce.png?auto=format&fit=clip&q=50&w=2048)
+
+Click “Save” in the next modal to confirm.
+
+![A screenshot showing where to click "Save" assignments to "Role" in OneLogin](https://images.workoscdn.com/images/0a6ebdb2-3896-4481-8e11-ca9f1a23ecd0.png?auto=format&fit=clip&q=50&w=2048)
+
+Navigate back to your SCIM app and click on the “Rules” tab on the left. Then, hit “Add Rule”.
+
+![A screenshot showing the "Rule" tab where you can then click "Add Rule" in OneLogin](https://images.workoscdn.com/images/317311e1-4fac-487f-a30e-2aeeb6e0d30a.png?auto=format&fit=clip&q=50&w=2048)
+
+Give your Rule a name. Under “Actions”, select “Set Groups in your-app-name”. Then, set it to “For each role with value that matches your-role-name”. Hit “Save”.
+
+![A screenshot showing how to configure a "New Mapping" in OneLogin](https://images.workoscdn.com/images/02d19425-34e2-45b3-bb64-bc3962714493.png?auto=format&fit=clip&q=50)
+
+Within your SCIM app under the "Users" tab, you may then need to click on any “Pending” notifications to confirm the update for users.
+
+![A screenshot showing how to confirm updates for Users under the "Users" tab in OneLogin](https://images.workoscdn.com/images/3aa55536-48e8-4322-9e5e-7227c4099f9c.png?auto=format&fit=clip&q=50)
+
+Begin provisioning users and groups and witness realtime changes in your [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing a linked Directory in the WorkOS Dashboard](https://images.workoscdn.com/images/d33ff319-a791-4ed0-9df4-e7fba02bcce5.png?auto=format&fit=clip&q=50)
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+
+## Frequently asked questions
+
+### When a group is removed, I don't see a `dsync.group.deleted` or `dsync.group.user_removed` events - is this expected?
+
+It is a known issue with OneLogin SCIM that when a group is removed from the application, any user that is _only_ provisioned through that group will be "inactive" but otherwise no indication is received that the group has changed.
+
+The users of the group must be cleaned up before the group itself is removed from the SCIM application.

package/.docs/organized/docs/integrations/oracle-saml.mdx

@@ -0,0 +1,76 @@
+---
+title: Oracle SAML
+description: "Learn how to configure a connection to\_Oracle via SAML."
+icon: oracle
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/oracle-saml.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [connection](/glossary/connection). Often, the information required to create a connection will differ by Identity Provider.
+
+To create an Oracle SAML connection, you’ll need the Identity Provider Metadata URL that is available from the organization's Oracle SAML instance.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the [ACS URL](/glossary/acs-url) and the [SP Entity ID](/glossary/sp-entity-id). They are readily available in your connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to obtain the SP Entity ID and ACS URL in the WorkOS Dashboard.](https://images.workoscdn.com/images/c1b55179-b848-40c5-b56f-dc15eb325a34.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. The SP Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the IdP Metadata URL.
+
+Normally, this will come from the organization's IT management team when they set up your application’s SAML configuration in their Oracle instance. But, should that not be the case during your setup, here’s how to obtain it.
+
+---
+
+## (1) Configure SAML Application with Service Provider Details
+
+Follow the [Oracle Cloud documentation](https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/add-saml-application.html) to create a new SAML application.
+
+Copy and paste the ACS URL and SP Entity ID into the corresponding fields for Service Provider details and configuration.
+
+In the Advanced Settings of the SSO Configuration page, ensure that you select Signed SSO for Assertion and Response, and Include Signing Certificate in Signature.
+
+---
+
+## (2) Configure SAML Attributes
+
+Expand the Attribute Configuration section on the SSO Configuration page and add the following 4 required attributes: `firstName`, `lastName`, `email`, and `id`.
+
+Ensure the following attribute mapping is set:
+
+- A user’s first name → `firstName`
+- A user’s last name → `lastName`
+- A user’s email address → `email`
+- A unique identifier representing a user → `id`
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (3) Obtain Identity Provider Metadata
+
+Obtain the IdP Metadata URL following the [instructions from Oracle](https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/access-saml-metadata.html).
+
+![A screenshot showing where the IdP Metadata URL is entered in the WorkOS Dashboard.](https://images.workoscdn.com/images/52e3e5ff-d0da-481e-8e40-a614a9c964a5.png?auto=format&fit=clip&q=50)
+
+Alternatively, you can manually configure the connection by providing the IdP URI (Entity ID), [IdP SSO URL](/glossary/idp-sso-url) and X.509 Certificate.
+
+![A screenshot showing the manual configuration details in the WorkOS Dashboard](https://images.workoscdn.com/images/94f7c669-02a8-4d30-9e4f-86ae58b0f318.png?auto=format&fit=clip&q=50)
+
+Your connection will then be Active and good to go!