Quick Summary: SkillsDB separates authentication (who you are — handled by SSO) from provisioning (which user accounts exist and what they can do — handled by SCIM). Most customers configure both so users sign in with their corporate credentials and their accounts stay in sync with the identity provider automatically.

Overview

SkillsDB integrates with your identity provider (IdP) — such as Microsoft Entra ID (Azure AD), Okta, or OneLogin — through two independent mechanisms:
  • Single Sign-On (SSO) lets users sign in to SkillsDB using their existing corporate credentials. SSO handles authentication at sign-in time only.
  • SCIM (System for Cross-domain Identity Management) keeps SkillsDB user accounts in sync with your IdP automatically. SCIM handles account creation, attribute updates, group membership, and deactivation — everything that happens around the account, outside of sign-in.
You can configure SSO without SCIM (users sign in via SSO but their accounts are managed manually in SkillsDB), SCIM without SSO (accounts stay in sync automatically but users sign in with username and password), or both. Most customers configure both. SCIM support in SkillsDB covers:
  • User creation, updates, and deactivation driven by the IdP
  • Group membership mapping to SkillsDB permission levels
  • Manager hierarchy syncing via Entra’s enterprise_extension.manager attribute
  • Automatic career assignment when users are provisioned into specific groups
  • An audit log of every provisioning event for compliance and troubleshooting

How the SCIM pipeline works

SkillsDB receives SCIM events through Stytch, its authentication and identity platform. This layer handles the SCIM 2.0 protocol and forwards events to SkillsDB as signed webhooks.
Identity Provider (Entra, Okta, etc.)
                  │ SCIM 2.0
                Stytch
                  │ Signed webhook
               SkillsDB
For customers, this means:
  • Configuration lives in the IdP and in the SkillsDB SSO & SCIM settings page — not in SkillsDB code or APIs
  • SkillsDB does not expose a SCIM endpoint that customers integrate against directly
  • Changes in the IdP appear in SkillsDB within one sync cycle
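Why the webhook signature matters in this pipeline, as an added example (not SkillsDB or Stytch code): group membership drives permission levels, so a receiver has to reject unsigned, altered, or replayed events before acting on them. The header names, signing scheme, replay window, and event fields below are assumptions made for illustration; the page does not document them.

```python
import base64
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed replay window, not a documented value


class WebhookRejected(Exception):
    """Raised when an event must not be acted on."""


def sign(secret: bytes, msg_id: str, timestamp: int, body: bytes) -> str:
    # Assumed scheme: base64(HMAC-SHA256(secret, "<id>.<timestamp>.<body>")).
    signed = f"{msg_id}.{timestamp}.".encode() + body
    return base64.b64encode(hmac.new(secret, signed, hashlib.sha256).digest()).decode()


def verify_event(secret: bytes, headers: dict, body: bytes, now=None) -> dict:
    """Return the parsed event only if signature and freshness checks pass."""
    now = time.time() if now is None else now
    try:
        msg_id = headers["webhook-id"]              # hypothetical header names
        timestamp = int(headers["webhook-timestamp"])
        candidates = headers["webhook-signature"].split()
    except (KeyError, ValueError) as exc:
        raise WebhookRejected("missing or malformed signature headers") from exc
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise WebhookRejected("timestamp outside replay window")
    expected = sign(secret, msg_id, timestamp, body).encode()
    # Several signatures may be present during key rotation; accept any match,
    # comparing in constant time over the raw bytes exactly as received.
    if not any(hmac.compare_digest(expected, c.encode()) for c in candidates):
        raise WebhookRejected("signature mismatch")
    return json.loads(body)


# Constructed sample: the event shape and field names are illustrative only.
SECRET = b"constructed-demo-secret"
BODY = json.dumps({"action": "group.member.add",
                   "group": "SkillsdbGlobalAdmins",
                   "user": "alice@example.com"}).encode()
SENT_AT = 1_700_000_000
HEADERS = {"webhook-id": "msg_demo_1",
           "webhook-timestamp": str(SENT_AT),
           "webhook-signature": sign(SECRET, "msg_demo_1", SENT_AT, BODY)}

if __name__ == "__main__":
    print(verify_event(SECRET, HEADERS, BODY, now=SENT_AT + 5))
```

The signature is checked over the raw request bytes before any JSON parsing, so a body that has been re-serialized or edited in transit fails verification even when it is still valid JSON.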

Where to configure SCIM in SkillsDB

Navigate to Settings > SSO & SCIM and select Configure SSO and SCIM settings. This page is visible only to administrators. It contains:
  • The Last SCIM sync timestamp
  • Two buttons in the top right: Event Log and Create SCIM Group
  • Two admin-assistance links — Users without a current manager and Users with a manager assigned
  • The Default SCIM Groups table with the two built-in groups
  • The Custom SCIM Groups table listing every custom group your administrators have created or that has been auto-created from IdP events
When no SCIM connection is active, the page shows a message prompting you to configure SCIM in your identity provider — the group-management UI is hidden in this state.

SCIM Setup

Step-by-step configuration for Microsoft Entra ID, including the enterprise application, Tenant URL and Secret Token, and attribute mapping.

SCIM Groups and Permissions

The two default groups, custom SCIM groups, the three permission levels (Admin, Full Access, Basic), and automatic Manager promotion.

SCIM Career Automations

Automatically assign careers to users when they are provisioned into specific SCIM groups, with configurable scope.

SCIM Event Log

The audit trail for every provisioning event — filter, export, and troubleshoot sync issues.

Azure Sync Considerations

Known Entra limitations for email changes, manager assignment, and deactivation, plus workarounds.

Sign-in and SSO

How Single Sign-On works in SkillsDB, independent of SCIM provisioning.

Common Questions

No, SSO works independently. Without SCIM, a SkillsDB administrator must create, update, and deactivate user accounts manually. With SCIM, those actions happen automatically based on changes in your identity provider.
No. SkillsDB’s SCIM layer runs through Stytch, which handles the SCIM 2.0 protocol on SkillsDB’s behalf. You configure SCIM in your identity provider using the Tenant URL and Secret Token that SkillsDB Support provides — you do not integrate against a SkillsDB-hosted endpoint.
Any IdP that supports SCIM 2.0, including Microsoft Entra ID (Azure AD), Okta, OneLogin, Google Workspace, and others. The SCIM Setup guide covers Entra specifically — contact SkillsDB Support for setup instructions for other providers.
Add them to the SkillsdbGlobalAdmins group in your identity provider. The next SCIM sync will upgrade their SkillsDB permission level to Admin. See SCIM Groups and Permissions for the full mapping.
Existing users remain in SkillsDB with their current state. Administrators regain manual control and must manage users directly from then on. SkillsDB does not deactivate or delete users when SCIM is disabled.

Need More Help?

For setup assistance or architectural questions about identity integration, reach out to your organization’s SkillsDB administrator or contact SkillsDB Support.