Configure enterprise SSO (SAML / OIDC)
Enterprise SSO (hq.kariant.app/organization/sso) connects your identity provider — SAML or OIDC — so your team signs in with company credentials, with optional SCIM provisioning.
Preconditionslink
The configuration form unlocks when two preconditions are met, and the status panel shows each one honestly:
- check_circleA verified company domain (see Claim and verify your company domain).
- check_circleAn isolated authentication pool provisioned for your organization — this requires an infrastructure upgrade on Kariant’s side, so contact support to enable it if the status shows it pending.
Configure your IdPlink
- 1Choose SAML or OIDC and enter your IdP details (entity ID, SSO URL, and signing certificate for SAML; issuer, client ID, and secret for OIDC).
- 2Optionally map a groups attribute/claim, and choose whether to issue a SCIM token for automated provisioning and deprovisioning.
- 3Save, then enter the connection values the page shows (ACS/Reply URL, Entity ID, SCIM base URL) in your identity provider.
About the SCIM tokenlink
If you enable SCIM, the token is shown once — store it immediately and use it as the Bearer token in your IdP’s provisioning configuration. It cannot be displayed again.
Frequently asked questions
The form is disabled — why?expand_more
One or both preconditions are unmet: verify a company domain first, and if the isolated auth pool shows as not provisioned, contact support@kariant.app to enable it for your organization.