Available for: Enterprise plan
Set up by: Company-level admin
The guide provides steps to configure provisioning for Miro Enterprise accounts. For general information about the Miro SCIM feature please see here.
Contents:
Prerequisites
The Miro SCIM API is used by SSO partners to help provision, manage users and teams (groups). SAML based SSO must be properly set up and be functional in your Miro Enterprise account before you start configuring automated provisioning. The instructions on how to set up SSO can be found here.
When calling the SCIM API, you will need to provide an API Token. Take the token from your account Security settings or request the token from your Customer Success Manager at Miro.
Configuration
- On the application settings page, switch to the Provisioning tab. Then click Configure API Integration:
Provisioning tab in the preconfigured Miro app - Set Enable API Integration checkbox and provide Base URL (https://miro.com/api/v1/scim/) and your unique API Token (available in the Security section of your account) in the respective fields. After that click to Test API Credentials.
If the connection passes the test, you will get the notification saying "Miro was verified successfully":
Integration tab
If there is no confirmation, double-check the Base URL https://miro.com/api/v1/scim/ and make sure that it is not blocked by firewalls and any other traffic interceptors inside your network, as well as make sure the API Token is correct. - Save the configuration.
To App Mappings
Miro SCIM API makes use of a part of metadata OKTA attaches to users and groups. This section explains the required mappings between Miro SCIM API and OKTA attributes.
- On the application settings page switch to Provisioning > To App tab. Click Edit and enable checkboxes next to Create Users, Update User Attributes and Deactivate Users sections.
Mappings tab in the preconfigured Miro app - Default attribute mappings are expected to be enough. Double-check the following required attributes are mapped properly:
| Attribute | Value |
|---|---|
| userName | user.email or leave it configured in Sign-On Settings |
| givenName | user.firstName |
| familyName | user.lastName |
| displayName | user.displayName |
User and Group Assignments
Miro SCIM provisioning can help you provision and de-provision users to your Miro Enterprise account, as well as automatically distribute them across teams. Users or Groups from OKTA should be assigned to the Miro application to be automatically managed in Miro. To assign users and groups to the application, follow the steps below.
We recommend provisioning users through assigning groups. In that case, when a user is removed from all assigned groups in OKTA, the same user will be removed from all teams in Miro. To deactivate a user in your Miro Enterprise account, deactivate them in OKTA, or de-assign a user from the application, which will send a corresponding request to Miro. To delete a user from Miro, use the Active Users page in Miro.
- Use Assignments tab to assign users or groups to Miro applications. Then, configure Push Groups to make sure assigned groups are properly provisioned to teams in Miro Enterprise account.
- Choose Push Groups tab on the application settings page, then click Refresh App Groups
Provisioning tab in the preconfigured Miro app
It will take OKTA a few minutes to download a list of teams from Miro. - Click Push Groups > Find groups by name
Setting up pushed groups
Type-in an OKTA group name in a quick search box and choose it from the auto-suggest list. If the corresponding team exists in Miro, OKTA will link them together.
Linking OKTA groups and Miro teams - Save changes and that will be all!