SKIP AHEAD TO: Just In Time (JIT) Provisioning Single Sign-On (SSO) Identity Provider (IdP) Compatibility List How do I see the option to configure SSO/SCIM in Spekit? |
Learn how to set up Single Sign-On (SSO). Make sure you have the SSO/SCIM enabled. You must have Spekit Account Admin permissions to set up SSO.
Just In Time (JIT) Provisioning
Spekit supports Just In Time or JIT provisioning, so here are some items to know:
1.) When the SSO configuration for Spekit is started, only the SAML portion is completed, and SCIM is not needed.
2.) When JIT is configured, the account is created, and the user management in Spekit is done manually by the users in Spekit who have the Spekit Account Admin role.
- Example: If someone leaves their company, their account must be manually disabled in Spekit because JIT cannot automatically remove them.
3.) With JIT, accounts are created upon a user's first login.
- Example: When a user gets assigned the Spekit app in Okta when they click the Spekit tile in Okta, if this is their first time getting logged in, their Spekit account will be created.
4.) Groups or Teams, as referred to in the Spekit WebApp, are to be created and managed by the people in your organization who have the Spekit role of Spekit Account Admin.
5.) Accounts provisioned with JIT will be added to the default Spekit Team of All Spekit Users as a Viewer role by default. Spekit Account Admins manually manage additional custom-created Team access.
6.) There are multiple ways to get signed into the Spekit Chrome extension, so the SSO IDP administrator can decide how they want to direct users.
7.) Users do not need to constantly re-authenticate to the extension once they've logged in.
8.) The IDP admin will need to assign the Spekit tile in Okta to any users who need access to Spekit.
Single Sign-On (SSO) Identity Provider (IdP) Compatibility List
SSO Provider |
SAML 2.0 Supported |
SCIM Supported |
Okta |
✔️ |
✔️ |
Entra ID (Azure) |
✔️ |
✔️ |
Google Workspace |
✔️ |
X |
JumpCloud |
✔️ |
✔️ |
OneLogin |
✔️ |
✔️ |
PingFederate |
✔️ |
✔️ |
PingOne |
✔️ |
✔️ |
If your IdP is not listed above Spekit cannot guarantee functionality with our platform. Please contact your CSM or support@spekit.co for more information.
How do I see the option to configure SSO/SCIM in Spekit?
The option to enable SSO/SCIM can be enabled by our Spekit team. Please submit a request to your Customer Success Manager or send a note support@spekit.co
Once enabled, the Spekit Web App will show the highlighted area below:
How do I access SSO/SCIM documentation in Spekit?
The option for SSO/SCIM configuration must first be enabled in the Spekit instance.
Once enabled in the Spekit Web App:
1.) Click Settings.
2.) Click Connect.
3.) Click Connect with SSO/SCIM.
4.) Click Download.
5.) Review the Excel sheet and do not rename the file.
- Be sure not to modify anything in columns A & B.
- Only make the necessary edits to column C, which relates to the email in the company IDP.
6.) Click Choose File and Click Upload.
After completing the steps above, you'll be prompted to configure your workspace name. Once that's done, you'll be guided through our step-by-step walkthroughs to set up SAML and SCIM for your selected IdP.
It's important to follow the step-by-step walkthrough during the SSO/SCIM configuration, as it includes unique URLs and other organization-specific details required for the setup.