Available for: Enterprise plan
Set up by: Company-level admin
The guide provides steps to configure provisioning for Miro Enterprise accounts. For general information about the Miro SCIM feature please see here.
In this article:
Prerequisites
The Miro SCIM API is used by SSO partners to help provision, manage users and teams (groups). SAML based SSO must be properly set up and be functional in your Miro Enterprise account before you start configuring automated provisioning. The instructions on how to set up SSO can be found here.
When calling the SCIM API, you will need to provide an API Token. Enable the SCIM option in your Security > SSO settings to see the token.
Configuration
- On the application settings page, switch to the Provisioning tab. Then click Configure API Integration:
Provisioning tab in the preconfigured Miro app - Set Enable API Integration checkbox and provide Base URL (https://miro.com/api/v1/scim/) and your unique API Token (available in the Security section of your account) in the respective fields. After that click to Test API Credentials.
If the connection passes the test, you will get the notification saying "Miro was verified successfully":
Integration tab
If there is no confirmation, double-check the Base URL https://miro.com/api/v1/scim/ and make sure that it is not blocked by firewalls and any other traffic interceptors inside your network, as well as make sure the API Token is correct. - Save the configuration.
To App Mappings
Miro SCIM API makes use of a part of metadata OKTA attaches to users and groups. This section explains the required mappings between Miro SCIM API and OKTA attributes.
- On the application settings page switch to Provisioning > To App tab. Click Edit and enable checkboxes next to Create Users, Update User Attributes and Deactivate Users sections.
Mappings tab in the preconfigured Miro app
User and Group Assignments
Miro SCIM provisioning can help you provision and de-provision users to your Miro Enterprise account, as well as automatically distribute them across teams. Users or Groups from OKTA should be assigned to the Miro application to be automatically managed in Miro. To assign users and groups to the application, follow the steps below.
We recommend provisioning users through assigning groups. In that case, when a user is removed from all assigned groups in OKTA, the same user will be removed from all teams in Miro. To deactivate a user in your Miro Enterprise account, deactivate them in OKTA, or de-assign a user from the application, which will send a corresponding request to Miro. To delete a user from Miro, use the Active Users page in Miro.
- Use Assignments tab to assign users or groups to Miro applications. All assigned users will be automatically added to Miro at this point but will not be placed into any Miro teams.
- Then, configure Push Groups to make sure assigned groups are properly synced to your Miro teams. Choose Push Groups tab on the application settings page, then click Refresh App Groups
Provisioning tab in the preconfigured Miro app
It will take OKTA a few minutes to download a list of teams from Miro. - Click Push Groups > Find groups by name
Setting up pushed groups
Type-in an OKTA group name in a quick search box and choose it from the auto-suggest list. OKTA will show you the group linked to the respective Miro team. At this point all the users of the chosen group will be placed in the respective Miro team and will get access to the boards shared with the team.
Linking OKTA groups and Miro teams
If OKTA shows you the option to manually link the group, make sure the Miro team with the name of the group exists on the Miro side and then click Refresh Apps groups again so the system syncs the entities. - Save changes and that will be all!
⚠️ If you're seeing that the users are not pushed to Miro, please check that the pushed group in Okta is properly assigned to the app.