Step 1: Configure WorkOS for SSO.
This will connect Virtuous with your chosen identity provider - you can learn more about how to set this up here. This MUST be configured first in order to allow directory sync.
Step 2: Create Permission Groups in Virtuous
The names of your permission groups in Virtuous will need to match the names used through your identity provider. So, you will need to create your permission groups in Virtuous so that the sync knows where to put new users in Virtuous.
If the permission group used through your identity provider does not match up with an existing permission group in Virtuous: The user will be synced up to the permission group you have set as default in Virtuous.
If changes do need to be made to permission group names later, change them in Virtuous first, then change them in your directory.
Step 3: Configure Directory Sync
You will configure directory sync from the same screen where you configured SSO. Go to Settings > All Settings. Select the Connectivity tab where you will see SSO as an option.
From the bottom of this screen, select Configure Directory Sync.
Now, You're Ready To Go!
With your directory sync set up, you can now log into your identity provider, mark a different user as inactive there, and that will in turn deactivate the user in Virtuous. (Keep in mind, however, that this is a one-way street; deactivating a user through your identity provider will deactivate the user in Virtuous, but deactivating a user in Virtuous will not deactivate the user account through your identity provider.)
Additionally, if a user's name is changed in your directory, the name will be changed in Virtuous.
Directory Providers You Can Use
- Azure AD SCIM
- Bamboo HR
- Breathe HR
- CyberArk SCIM
- Google Workspace Directory
- JumpCloud SCIM
- Okta SCIM v1.1
- Okta SCIM v2.0
- OneLogin SCIM
- People HR
- PingFederate SCIM
- SCIM v1.1
- SCIM v2.0