@workos/mcp-docs-server 0.1.0

package/.docs/organized/docs/integrations/rippling-scim.mdx

@@ -0,0 +1,148 @@
+---
+title: Rippling SCIM
+description: "Learn about syncing your user list with\_Rippling SCIM v2.0."
+icon: rippling
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/rippling-scim.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s Rippling directories using SCIM.
+
+To synchronize an organization’s users and groups provisioned for your application, you’ll need to provide the organization with two pieces of information:
+
+- An [Endpoint](/glossary/endpoint) that Rippling will make requests to.
+- A [Bearer Token](/glossary/bearer-token) for Rippling to authenticate its endpoint requests.
+
+Both of these are available in your Endpoint’s Settings in the [WorkOS Dashboard](https://dashboard.workos.com).
+
+> Steps 2, 3, and 4 below will need to be carried out by the organization when configuring your application in their Rippling instance.
+
+---
+
+## (1) Set up your Directory Sync endpoint
+
+Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.
+
+Select the organization you’ll be configuring a new Directory Sync for.
+
+Under “Actions” click “Add Directory”.
+
+![A screenshot showing where to click "Add Directory" in the WorkOS dashboard.](https://images.workoscdn.com/images/0f13d97a-b2a8-4263-ad11-e8e7633f3ae5.png?auto=format&fit=clip&q=50)
+
+Select “Rippling” from the dropdown, and enter the organization name.
+
+Then, click “Create Directory.”
+
+![A screenshot showing where to name and create a Rippling Directory in the WorkOS dashboard.](https://images.workoscdn.com/images/83cd8619-6ccd-4d49-9a69-5c0cd04dd8d6.png?auto=format&fit=clip&q=50)
+
+Your Rippling directory sync has now been created successfully with an Endpoint and Bearer Token.
+
+![A screenshot showing where to locate the Rippling directory details in the WorkOS dashboard.](https://images.workoscdn.com/images/98b1e1f1-b601-4df0-97bc-cfa824a7559e.png?auto=format&fit=clip&q=50)
+
+> We have support for custom URLs for Directory Sync endpoints. [Contact us](mailto:support@workos.com) for more info!
+
+---
+
+## (2) Create your Rippling application
+
+Log in to the Rippling admin dashboard and select the “Custom App” option in the menu under the “Identity Management” category.
+
+![A screenshot showing where to select the "Custom App" option in the "Identity Management" menu in Rippling.](https://images.workoscdn.com/images/2851bbb9-a486-4e51-90c1-6265959cb336.png?auto=format&fit=clip&q=50)
+
+Select “Create New App” in the Custom App page.
+
+![A screenshot showing where to select "Create New App" in Rippling.](https://images.workoscdn.com/images/bd2b1fba-2433-4fc2-b20b-7a0ca712dd20.png?auto=format&fit=clip&q=50)
+
+Fill out the application’s name, select categories, upload an image for the logo, and check the “User Management via SCIM” box. Click “Continue” and the next page will populate more option fields regarding SCIM setup.
+
+![A screenshot showing where to fill in the name, categories, logo, and type of custom app in Rippling.](https://images.workoscdn.com/images/74bf5e11-239e-4cf4-b3ce-af819d3c7b95.png?auto=format&fit=clip&q=50)
+
+## (3) Configure your integration
+
+Set the SCIM version to 2.0.
+
+Fill in the endpoint into the “SCIM Base URL” field.
+
+![A screenshot showing where to set the SCIM version and "SCIM Base URL" in Rippling.](https://images.workoscdn.com/images/a4fce113-4383-42b4-9d46-eac1e2ec6941.png?auto=format&fit=clip&q=50)
+
+Set the SCIM authorization method to “Bearer Token” in the "SCIM Authorization Method" dropdown list. Check off features for groups, pagination, delete groups and PATCH groups.
+
+![A screenshot showing the SCIM authorization method and configuration options in Rippling.](https://images.workoscdn.com/images/9c9c19cc-0836-4aa9-90e0-fb42d751594b.png?auto=format&fit=clip&q=50)
+
+Add SCIM attributes `externalId`, `emails.primary`, `name.givenName`, `name.familyName` to the "Supported SCIM Attributes" input box. If you have additional custom attributes, add the appropriate corresponding Rippling values of the custom attributes. Click “Continue” to move to the next step.
+
+![A screenshot showing the "Supported SCIM Attributes" field in Rippling.](https://images.workoscdn.com/images/566a60cf-044e-423e-b1ee-d1cbee96440b.png?auto=format&fit=clip&q=50)
+
+Rippling will then prompt you to install the app. Click "Install now" and proceed through the next step. Then, copy and paste the Bearer Token into the “Bearer Token” field and click “Continue”.
+
+![A screenshot showing where to enter the Bearer Token in Rippling.](https://images.workoscdn.com/images/bb2ce893-3c9e-4d97-a7f8-4e0bb7128843.png?auto=format&fit=clip&q=50)
+
+## (4) Assign users and groups to your application
+
+After entering the Bearer Token, the following two pages “App Access Rules” and “Provision Time”, can be filled out by your own preference. You should then arrive at the “Account Matching” page.
+
+In order for your users and groups to be synced, you will need to assign them to your Rippling Application. Match the Rippling users to the account, or create a new application account for the user(s).
+
+![A screenshot showing where to match Rippling users to an account in Rippling.](https://images.workoscdn.com/images/c95d76d4-721a-4626-9ee7-6e33c124bf91.png?auto=format&fit=clip&q=50)
+
+Create groups for the application as needed.
+
+![A screenshot showing where to create a group in Rippling.](https://images.workoscdn.com/images/49677af7-9dce-48cb-b32b-94df728644f0.png?auto=format&fit=clip&q=50)
+
+Name the group.
+
+![A screenshot showing where to name a group in Rippling.](https://images.workoscdn.com/images/073ca80c-42c2-4f65-abd2-50e8af89dd2b.png?auto=format&fit=clip&q=50)
+
+Assign Rippling users/groups to the newly created application group.
+
+![A screenshot showing where to assign users and groups to a newly created application in Rippling.](https://images.workoscdn.com/images/aa94731f-f5c3-4517-818f-383a64924dc3.png?auto=format&fit=clip&q=50)
+
+Make sure all attributes previously added are enabled, and that their cadence is set to “On user creation and updates”. Then, click “Save” and “Continue” to finish setup.
+
+![A screenshot showing where to ensure that all attributes are enabled in Rippling.](https://images.workoscdn.com/images/aa067d8d-b62f-459d-b640-e577a2050b67.png?auto=format&fit=clip&q=50)
+
+In your WorkOS dashboard, you should now see the users and groups synced over.
+
+![A screenshot showing a successfully synced user from Rippling in the WorkOS dashboard.](https://images.workoscdn.com/images/c38e1ba8-90e3-4cf0-a008-443f8c77f6a2.png?auto=format&fit=clip&q=50)
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+
+## Frequently asked questions
+
+### Can I add additional custom fields to this SCIM integration?
+
+Yes, however Rippling allows only a limited set of custom fields in SCIM applications.
+
+- #### Available custom fields
+  - `addresses.home.country`
+  - `addresses.home.formatted`
+  - `addresses.home.locality`
+  - `addresses.home.postalCode`
+  - `addresses.home.region`
+  - `addresses.home.streetAddress`
+  - `addresses.work.country`
+  - `addresses.work.formatted`
+  - `addresses.work.locality`
+  - `addresses.work.postalCode`
+  - `addresses.work.region`
+  - `addresses.work.streetAddress`
+  - `department`
+  - `displayName`
+  - `emails.primary`
+  - `employeeNumber`
+  - `externalId`
+  - `manager.displayName`
+  - `manager.email`
+  - `manager.managerId`
+  - `name.familyName`
+  - `name.formatted`
+  - `name.givenName`
+  - `phoneNumbers.mobile`
+  - `phoneNumbers.work`
+  - `photos.photo`
+  - `title`
+  - `userType`

package/.docs/organized/docs/integrations/salesforce-saml.mdx

@@ -0,0 +1,143 @@
+---
+title: Salesforce
+description: "Learn how to configure a connection to\_Salesforce via SAML."
+icon: salesforce
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/salesforce-saml.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [connection](/glossary/connection). And often, the information required to create a connection will differ by Identity Provider.
+
+To create an Salesforce SAML connection, you’ll need three pieces of information: an [ACS URL](/glossary/acs-url), an [SP Entity ID](/glossary/sp-entity-id), and a [Metadata URL](/glossary/idp-metadata).
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the ACS URL and SP Entity ID. It’s readily available in your Connection Settings in the [WorkOS dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to find the ACS URL and SP Entity ID in the WorkOS dashboard.](https://images.workoscdn.com/images/134a9a2e-3409-4969-9048-01be960c7d93.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. In Salesforce’s case, it needs to be set by the organization when configuring Salesforce as an Identity Provider.
+
+The Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion. In this case, the entity ID is used to communicate that WorkOS will be the party performing SAML requests to the organization's Salesforce instance.
+
+Specifically, the ACS URL and SP Entity ID will need to be set in the Connected Apps setup in Salesforce.
+
+![A screenshot showing where to place the WorkOS ACS URL and SP Entity ID in the Salesforce dashboard.](https://images.workoscdn.com/images/98390601-4c8a-42f4-9965-52ddcd28ff45.png?auto=format&fit=clip&q=50)
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the Salesforce Metadata URL. Normally, the this will come from the organization's IT Management team when they set up your application’s SAML client in their Salesforce instance. But, should that not be the case during your setup, here’s how to obtain it.
+
+---
+
+## (1) Generate Certificate
+
+Log in to your Salesforce Account, click the Settings cog icon on the top right, and select “Setup”.
+
+Once in setup mode you can use the search bar to easily navigate around between settings pages. The first page to navigate to is the “Certificate and Key Management” page.
+
+![A screenshot showing how to navigate to the "Certificate and Key Management" page in the Salesforce dashboard.](https://images.workoscdn.com/images/769b9580-ffc1-46d6-b382-4b5a83222dd8.png?auto=format&fit=clip&q=50)
+
+Once in setup mode you can use the search bar to easily navigate around between settings pages. The first page to navigate to is the “Certificate and Key Management” page. If a key does not exist that you would like to use, click “Create Self-Signed Certificate” to generate a new one.
+
+![A screenshot showing how to generate a Self-Signed Certificate in the Salesforce dashboard.](https://images.workoscdn.com/images/fc278a8b-3398-46ff-9a58-143dc127d0e6.png?auto=format&fit=clip&q=50)
+
+Give the Certificate a meaningful label and unique name and select the Key Size you’d like to use. It’s not necessary to have an Exportable Private Key, but if you are using a key-certificate store you can choose this option.
+
+![A screenshot showing how to configure the Self-Signed Certificate details in the Salesforce dashboard.](https://images.workoscdn.com/images/936558fc-d9c3-4075-a139-3cea3d3854dc.png?auto=format&fit=clip&q=50)
+
+---
+
+## (2) Enable Salesforce as an IdP
+
+From the setup search bar browse to the “Identity Provider” portal in Salesforce.
+
+If it has not already been done, select “Enable Identity Provider”.
+
+![A screenshot showing how to enable Salesforce as an Identity Provider in the Salesforce dashboard.](https://images.workoscdn.com/images/f890533c-dd88-4b05-9cbe-e47b3a416906.png?auto=format&fit=clip&q=50)
+
+You will need to select the correct certificate from the previous step.
+
+![A screenshot showing how to select the SAML certificate for the Identity Provider setup in the Salesforce dashboard.](https://images.workoscdn.com/images/f332f289-dad3-491d-a1c3-67e14e381cfc.png?auto=format&fit=clip&q=50)
+
+Additionally this page will display the Metadata URL. You will need to copy this URL and in a later step it will be uploaded into WorkOS.
+
+![A screenshot showing where to copy the IdP Metadata URL from in the Salesforce dashboard.](https://images.workoscdn.com/images/e5088944-d7b5-4e3f-8072-d672bbd88f26.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Configure SAML Application
+
+Next from the setup search bar browse to the “App Manager” portal. Once here you will want to select the option for “New Connected App”.
+
+![A screenshot showing how to create a new Connected App in the Salesforce dashboard.](https://images.workoscdn.com/images/af73f2b9-6c91-4b45-87aa-b0e15a2d9a0d.png?auto=format&fit=clip&q=50)
+
+Give the App and API a meaningful name and set a contact email that corresponds to who you’d reach out to for support should there be an issue. You can always opt to use `support@workos.com`.
+
+![A screenshot showing how to configure the name and contact email for the new Connected App in the Salesforce dashboard.](https://images.workoscdn.com/images/03a48352-2825-4c6d-aa8d-bfb57f03159f.png?auto=format&fit=clip&q=50)
+
+Scroll down further to the “Web App Settings” and check the box for “Enable SAML”. Enter the Entity ID and ACS URL into their respective places within the Settings.
+
+The “Subject Type” should be set to “User ID” and the “Name ID Format” should be set to `urn:oasis:names:tv:SAML:1.1:nameid-format:emailAddress`. The “Issuer” should populate correctly with your Salesforce subdomain. For the IdP Certificate, select the certificate that matches the one previously used when enabling the Identity Provider, and for the “Signing Algorithm for SAML Messages” choose “SHA256”.
+
+![A screenshot showing how to configure the Connected App's Web App Settings in the Salesforce Dashboard.](https://images.workoscdn.com/images/98390601-4c8a-42f4-9965-52ddcd28ff45.png?auto=format&fit=clip&q=50)
+
+Save the configurations and you should now see the new Connected App listed under “App Manager”.
+
+---
+
+## (4) Configure User Attributes and Claims
+
+In the Setup search bar browse to the “Manage Connected Apps” portal. Click on your application and this will open the view where you can configure the attribute mapping, and later on the user profile access permissions.
+
+![A screenshot showing how to open the configurations for the new Connected App in the Salesforce dashboard.](https://images.workoscdn.com/images/6d1dc5a0-d7a5-4e68-a596-5e69f0cb1d52.png?auto=format&fit=clip&q=50)
+
+Viewing the app, scroll down to the “Custom Attributes” section and select “New”.
+
+![A screenshot showing how to create new Custom Attribute mapping in the Salesforce dashboard.](https://images.workoscdn.com/images/716f679d-907f-42b9-8024-ff74ecff82cc.png?auto=format&fit=clip&q=50)
+
+Salesforce automatically includes email as an Attribute so we will need to add three fields:
+
+- `id`
+- `firstName`
+- `lastName`
+
+Configure the fields so the mapping matches the following:
+
+![A screenshot showing how to configure SAML attribute mapping in the Salesforce dashboard.](https://images.workoscdn.com/images/0dfb70bf-744f-4021-ae20-c06ade8f792d.png?auto=format&fit=clip&q=50)
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, create a new custom attribute with a key of `groups`. Map this attribute to a value that contains a user’s group membership or role information, such as `$UserRole.Name` in the example below.
+
+![A screenshot showing where to add the groups attribute in the Salesforce dashboard.](https://images.workoscdn.com/images/0f2abfab-25c9-4ce4-aeb4-7f0f3fae8038.png?auto=format&fit=clip&q=50)
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (5) Manage Profiles With Application Access
+
+Similarly, viewing the app, there is a “Manage Profiles” section for granting access to control who can log into the application. Select “Manage Profiles” and grant access to the appropriate profiles that should have access to the application in the "Application Profile Assignment" wizard. Select "Save" when complete.
+
+![A screenshot showing how to configure the "Application Profile Assignments" in the Salesforce dashboard.](https://images.workoscdn.com/images/26cdf036-5428-4ccf-b320-f9d1e41250e2.png?auto=format&fit=clip&q=50)
+
+Here is an example of a successfully configured “Connected Application” allowing access to anyone with an “End User” Profile.
+
+![A screenshot showing the completed "Application Profile Assignments" in the Salesforce dashboard.](https://images.workoscdn.com/images/fdc0584a-1350-42d7-8816-c8255e307db6.png?auto=format&fit=clip&q=50)
+
+---
+
+## (6) Obtain Identity Provider Details
+
+Finally, return to the WorkOS dashboard. Within your connection settings, select "Edit Metadata Configuration" under "Identity Provider Configuration" and provide the Metadata URL you obtained from Salesforce. Your connection will then be verified and good to go!
+
+![A screenshot showing where to add the IdP Metadata URL in the WorkOS dashboard.](https://images.workoscdn.com/images/ff29bcdd-a7df-47d3-88fc-f001a3dae23d.png?auto=format&fit=clip&q=50)

package/.docs/organized/docs/integrations/saml.mdx

@@ -0,0 +1,64 @@
+---
+title: SAML
+description: Learn how to configure a new custom SAML connection.
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/saml.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a Connection will differ by Identity Provider.
+
+To create a custom SAML Connection, you’ll need the Identity Provider Metadata URL that is available from the organization's SAML instance.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the [ACS URL](/glossary/acs-url), the [SP Entity ID](/glossary/sp-entity-id), and the [SP Metadata](/glossary/sp-metadata) link. They are readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![WorkOS Settings](https://images.workoscdn.com/images/3c27f5a8-ee88-4b7f-9659-0db9b80dea70.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. The SP Entity ID is a URI used to identify the issuer of a SAML request and the audience of a SAML response. The SP Metadata link contains a metadata file that the organization can use to set up the SAML integration.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the IdP Metadata URL.
+
+Normally, this information will come from the organization's IT Management team when they set up your application’s SAML 2.0 configuration in their Identity Provider admin dashboard. But, should that not be the case during your setup, here’s how to obtain them.
+
+---
+
+## (1) Enter Service Provider Details
+
+Copy and Paste the “ACS URL” and “SP Entity ID” into the corresponding fields for Service Provider details and configuration. For some SAML setups, you can use the metadata found at the SP Metadata link to configure the SAML connection.
+
+---
+
+## (2) Obtain Identity Provider Metadata
+
+Copy the IdP Metadata URL from your SAML settings and upload it to your WorkOS Connection settings. Your Connection will then be linked and good to go!
+
+![Upload IdP Metadata URL to WorkOS Dashboard](https://images.workoscdn.com/images/9a3498b2-eeb8-4ecf-b2f3-c3ed41d081cb.png?auto=format&fit=clip&q=50)
+
+Some SAML providers might not be able to provide the IdP Metadata URL. In these cases, you’ll want to manually configure the connection.
+
+![Switch to Manual Configuration](https://images.workoscdn.com/images/2e8f0c39-986b-4529-bacc-2e1843be4842.png?auto=format&fit=clip&q=50)
+
+![Manually Configure Connection in WorkOS Dashboard](https://images.workoscdn.com/images/880ce675-48d5-4b49-9871-1cf4b38d1a10.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Configure Attribute Mapping
+
+At a minimum, the Attribute Statement in the SAML Response should include `id`, `email`, `firstName`, and `lastName` attributes.
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
+
+Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.

package/.docs/organized/docs/integrations/scim.mdx

@@ -0,0 +1,64 @@
+---
+title: SCIM
+description: "Learn about syncing your user list with\_a\_custom SCIM provider."
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/scim.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s user and group directories using SCIM v2.0.
+
+To synchronize an organization’s users and groups provisioned for your application, you’ll need to provide the organization with two pieces of information:
+
+- An [Endpoint](/glossary/endpoint) that the SCIM server will make requests to.
+- A [Bearer Token](/glossary/bearer-token) to authenticate its endpoint requests.
+
+Both of these are available in your Endpoint’s Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+---
+
+## (1) Set up your directory sync endpoint
+
+Login to your WorkOS dashboard and select “Organizations” from the left hand Navigation bar.
+
+Select the Organization you’d like to enable a SCIM Directory Sync connection for.
+
+On the Organization’s page go to "Actions" and then click “Add Directory”.
+
+![A screenshot showing where to find “Add Directory” in the WorkOS Dashboard.](https://images.workoscdn.com/images/4fdc6225-8233-4f5b-9361-d99f0ad5ae6f.png?auto=format&fit=clip&q=50)
+
+Select “Custom SCIM v2.0” as the directory type, and then input the Company Name.
+
+Click the “Create Directory” button.
+
+![A screenshot showing "Create Directory" details in the WorkOS Dashboard.](https://images.workoscdn.com/images/a1432401-3eed-475a-b4b0-1ea18840be9a.png?auto=format&fit=clip&q=50)
+
+The Directory Sync Connection will now display the Endpoint for the SCIM server to send requests to, and the Bearer Token.
+
+![A screenshot showing where to find the Endpoint and Bearer Token for an organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/0ab40cc6-3374-4032-9f33-91a36554db29.png?auto=format&fit=clip&q=50)
+
+> We have support for custom labeled URLs for Directory Sync endpoints. [Contact us](mailto:support@workos.com) for more info!
+
+---
+
+## (2) Configure the SCIM server integration
+
+WorkOS provides you with all of the relevant information for an organization to plug and play SCIM functionality for your application.
+
+Provide the organization with:
+
+- The Endpoint from your [WorkOS Dashboard](https://dashboard.workos.com/), and
+- The Bearer Token from your [WorkOS Dashboard](https://dashboard.workos.com/).
+
+Once the organization has used these values to configure your application within their SCIM server, then your application is ready to synchronize users and groups.
+
+---
+
+## (3) Assign users and groups to your application
+
+Now, whenever the organization assigns users or groups to your application, you’ll receive realtime Dashboard updates based on changes in their directory.
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)

package/.docs/organized/docs/integrations/sftp.mdx

@@ -0,0 +1,150 @@
+---
+title: SFTP
+description: "Learn about syncing your user list using an\_SFTP\_connection."
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/sftp.mdx
+---
+
+## Introduction
+
+An SFTP integration allows an organization to synchronize user and group information by uploading CSV files using SFTP.
+WorkOS maintains a receiving SFTP server that can be connected to from the organization's HRIS provider/SFTP client.
+
+If the organization's HRIS has a built-in SFTP client, SFTP will allow them to automatically sync their data and ensure your data is always up to date.
+An SFTP integration allows for provider-agnostic ingestion of employee data into your product ecosystem.
+
+Once the integration is set up, WorkOS automatically creates and hosts an SFTP folder for the organization's HRIS provider to upload files at a regular cadence.
+
+An SFTP integration has the following advantages:
+
+- Works with any system that has the ability to export CSVs
+- Has an easy integration path for an organization comfortable working with CSVs and SFTP
+- Allows a custom cadence of updates for your customer
+
+Your app interfaces with an SFTP directory the same as with other directories; receiving [events](/events) when the directory is created or updated:
+
+<DirectorySyncDiagram.SftpDirectoryActivated />
+
+> Note: The SFTP integration isn't enabled by default in the WorkOS Dashboard or Admin Portal. Please reach out to [support@workos.com](mailto:support@workos.com) or via your team’s WorkOS Slack channel if you would like SFTP enabled.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides an SFTP server URL and username specific to the directory. Once set up, the URL and username will be available under directory settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+The SFTP URL is the location of the SFTP server to upload user and group information. Authentication uses a username and a key pair.
+
+---
+
+## What you will need
+
+You will need to provide a public key for authentication. Normally this will come from a key pair provided your customer’s IT team and may be created by their HRIS. Maximum key length is 2048 bytes and supported keys are: `ED25519`, `RSA`, and `ECDSA`.
+
+Your customer will need to export the users and groups as CSV files with the structure below.
+
+### `users.csv`
+
+This file is required.
+
+<DirectorySyncCsvSchemaTable.Users />
+
+### `user_groups.csv`
+
+This file is required.
+
+<DirectorySyncCsvSchemaTable.UserGroups />
+
+### `groups.csv`
+
+This file is _not_ required. Additional metadata may be also included in this file.
+
+<DirectorySyncCsvSchemaTable.Groups />
+
+---
+
+## (1) Set up your directory sync endpoint
+
+Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar. Select the organization you’ll be configuring a new Directory Sync connection with.
+
+Click “Add Directory”. Select “SFTP” as the directory type, and then enter a name for this directory.
+
+Click “Create Directory”.
+
+![A screenshot showing how to create a directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/b427dceb-7a05-4593-9598-d2fccaf3da4f.png?auto=format&fit=clip&q=100)
+
+## (2) Enter the customer’s public key
+
+Retrieve the public key that will be used for SFTP from the organization’s admin.
+
+Click “Update Directory” in the WorkOS Dashboard.
+
+![A screenshot showing where to find "Update directory" for an Organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/0967a645-2e54-4e9d-a197-e8177d23cc76.png?auto=format&fit=clip&q=100)
+
+Enter the customer’s public key in the input field.
+
+The SSH public key format should include the key type (e.g. `ssh-rsa`, `ssh-ed25519`), base64 encoded body, and an optional comment, with spaces between each element. For example, `ssh-rsa AAAABB1 keycomment`.
+
+RSA, ECDSA, and ED25519 keys are accepted.
+
+- For RSA keys, the key type is `ssh-rsa`.
+- For ED25519 keys, the key type is `ssh-ed25519`.
+- For ECDSA keys, the key type is either `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, or `ecdsa-sha2-nistp521`, depending on the size of the key generated.
+
+![A screenshot showing how to update SFTP directory details in the WorkOS Dashboard.](https://images.workoscdn.com/images/14f27355-a6c3-4a5f-a4cc-6e6b392c42d4.png?auto=format&fit=clip&q=100)
+
+## (3) Share SFTP details with your customer
+
+After adding the public key, WorkOS generates a username. You will see the green “Linked” icon appear.
+
+![A screenshot showing SFTP directory details in the WorkOS Dashboard.](https://images.workoscdn.com/images/aeea5065-5de1-4eb8-96f0-c67f12ddc46a.png?auto=format&fit=clip&q=100)
+
+Share the username with the organization admin and ask them to upload the CSV files using their private key to `sftp.workos.com`.
+
+## (4) Confirm users and groups are synced
+
+Now, whenever your customer assigns users or groups to your application, you’ll receive updates based on the changes in their directory.
+
+Click on the “Users” tab in the dashboard to view synced users.
+
+![A screenshot showing a synced directory in the WorkOS Dashboard](https://images.workoscdn.com/images/06b6c694-2558-451d-8305-372a43ac3d46.png?auto=format&fit=clip&q=100)
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+
+## SFTP Security
+
+### How is my organization’s data protected in transit?
+
+SFTP (Secure File Transfer Protocol) uses SSH (Secure Shell protocol) to symmetrically encrypt traffic after an asymmetric key negotiation for authentication.
+
+Our solution leverages The [AWS Transfer Family](https://docs.aws.amazon.com/transfer/latest/userguide/how-aws-transfer-works.html) so that we can support a common, secure protocol (SSH) with modern, isolated data storage (AWS S3).
+
+We leverage the default security policy ([security-policy-transfer-2020-06](https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html#security-policy-transfer-2020-06)) for the choice of SSH cipher-suites, which determines the strength of cryptographic protection for data in transit.
+
+### How is my organization’s data protected at rest?
+
+As the data is stored in an AWS S3 bucket the default (since January 2023) is that it is encrypted at rest ([SSE-S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html)).
+The symmetric encryption used is AES-256, more information is available in [the FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html).
+
+### How does WorkOS isolate one of my organization’s data from the other?
+
+Each of the organizations you’re onboarding will [create an SSH key pair](/integrations/sftp/what-you-will-need), this consists of a public key, and a private key. They will retain the private key, ensuring that only they can authenticate. The public key uploaded to WorkOS will be used to authenticate the organization's connection via SFTP.
+
+Each of your organizations is mapped to a distinct S3 bucket based on an internal (cryptographically random) identifier for the SSH key pair.
+
+### When does WorkOS dispose of the data and how is this done?
+
+In either of the following events your organization’s data, and the S3 bucket will be deleted:
+
+1. You off-board the organization from your product/service.
+2. You no longer use the WorkOS Directory Sync service.
+
+---
+
+## Frequently asked questions
+
+### How often do SFTP directories perform a sync?
+
+SFTP directories will sync automatically whenever file changes are detected and every 30 minutes following the initial synchronization.

package/.docs/organized/docs/integrations/shibboleth-generic-saml.mdx

@@ -0,0 +1,84 @@
+---
+title: Shibboleth Generic SAML
+description: Learn how to configure a Shibboleth Generic connection via SAML.
+icon: shibboleth
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: >-
+  .tmp-workos-clone/packages/docs/content/integrations/shibboleth-generic-saml.mdx
+---
+
+## Introduction
+
+These instructions are for connecting to Shibboleth using the [generic SAML 2.0 configuration](https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631694/SAML2SSOConfiguration). If the organization requires the [UnsolicitedSSOConfiguration](https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631696/UnsolicitedSSOConfiguration) instead, please use the [Shibboleth Unsolicited SAML provider documentation](/integrations/shibboleth-unsolicited-saml).
+
+Each SSO Identity Provider requires specific information to create and configure a new [connection](/glossary/connection). Often, the information required to create a connection will differ by Identity Provider.
+
+To create a Shibboleth Generic SAML connection, you’ll need the Identity Provider metadata that is available from the organization's Shibboleth instance.
+
+Start by logging in to your WorkOS dashboard and browse to the “Organizations” tab on the left hand navigation bar.
+
+Select the organization you wish to configure a Shibboleth Generic SAML connection for, and select “Manually Configure Connection” under “Identity Provider”.
+
+![A screenshot showing where to find "Manually Configure Connection" in the WorkOS Dashboard.](https://images.workoscdn.com/images/f07dc8e4-e97c-4bd0-9dbd-14915cd46e40.png?auto=format&fit=clip&q=50)
+
+Select “Shibboleth Generic SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
+
+![A screenshot showing "Create Connection" details in the WorkOS Dashboard.](https://images.workoscdn.com/images/640b70d1-60ce-48c7-865f-2441325a078c.png?auto=format&fit=clip&q=50)
+
+---
+
+## What WorkOS provides
+
+Once you’ve created your connection, WorkOS provides the [ACS URL](/glossary/acs-url), [SP Metadata](/glossary/sp-metadata) link, and [SP Entity ID](/glossary/sp-entity-id). It’s readily available in your connection settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to find the ACS URL, SP Metadata and SP Entity ID in the WorkOS Dashboard.](https://images.workoscdn.com/images/efd8ea95-9dbd-4a18-b961-7d9d1b4bc3ce.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. The SP Metadata link contains a metadata file that the organization can use to set up the Shibboleth Generic SAML integration.
+
+The SP Entity ID is a URI used to identify the issuer of a SAML request and the audience of a SAML response. In this case, the SP Entity ID is used to communicate that WorkOS will be the party performing SAML requests to the organization's Shibboleth instance, and that WorkOS is the intended audience of the SAML responses from the Shibboleth instance.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the Shibboleth IdP metadata.
+
+Normally, this information will come from the organization's IT Management team when they set up your application’s Shibboleth configuration. But, should that not be the case during your setup, here’s how to obtain them.
+
+---
+
+## (1) Enter Service Provider Details
+
+Copy and Paste the “ACS URL” and “SP Entity ID” into the corresponding fields for Service Provider details and configuration. For some Shibboleth setups, you can use the metadata found at the SP Metadata link to configure the Shibboleth connection.
+
+---
+
+## (2) Obtain Identity Provider Metadata
+
+Download the IdP metadata from the Shibboleth instance. Refer to the [Shibboleth documentation](https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/pages/928645275/MetadataForIdP) for more information on this metadata file. Keep in mind where the file was saved, as we’ll be uploading it later to configure the Connection.
+
+---
+
+## (3) Configure Attribute Mapping
+
+At a minimum, the Attribute Statement in the SAML Response should include `id`, `email`, `firstName`, and `lastName` attributes. Refer to the [Shibboleth documentation](https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/pages/928645122/SAMLAttributeNaming) for more information on adding and mapping attributes.
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
+
+Once your SAML app is configured to return groups, navigate to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (4) Upload Metadata File
+
+In the connection settings in the WorkOS Dashboard, click “Edit Metadata Configuration”.
+
+![A screenshot showing where to edit the IdP metadata URL in the WorkOS Dashboard.](https://images.workoscdn.com/images/8fb3610f-15a3-4e10-8441-50121bd32609.png?auto=format&fit=clip&q=50)
+
+Upload the XML metadata file from Shibboleth into the “Metadata File” field and select “Save Metadata Configuration”. Your connection will then be linked and good to go!
+
+![A screenshot showing where to upload and how to save the IdP metadata URL in the WorkOS Dashboard.](https://images.workoscdn.com/images/d9745f3c-4b3f-4e43-aea2-1b21e7160909.png?auto=format&fit=clip&q=50)