Hub 2025.2 Help

User Import and Sync

You can import users and groups from external identity providers into your organization by setting up authentication modules. This feature allows seamless integration with your existing identity management solutions. It also means you don't need to create and manage these groups and user accounts manually in Hub.

Currently, the following three authentication modules support user and group import:

Prerequisites

Before you begin, ensure the following:

  • You have administrative access to your external identity provider (Microsoft Entra ID, Okta, or JetBrains Account).

  • You have the required credentials and permissions to retrieve users and group data from your identity provider.

  • You have Low-level Write permission for your Hub site.

Set Up an Authentication Module

The first step is to set up an authentication module in your application to connect with the external identity provider. For detailed instructions, refer to the setup instructions for the identity management platform used by your organization.

Synchronize Users and Groups

Hub has two schemes for synchronizing user accounts.

  • The first scheme is applied during login.

    Any time a user logs in with credentials from an external identity management platform, Hub synchronizes the user profile and group membership data with the information stored in the identity provider account. This synchronization is performed per user.

  • The second scheme is applied according to the schedule defined in the authentication module. This scheme applies to all users and groups.

    If the Scheduled sync setting is enabled, you can choose from one of three predefined intervals:

    • Hourly

    • Every 3 hours

    • Daily at 9 AM

    You can also launch the synchronization manually at any time by clicking the Sync now button in the header of the page for the authentication module connected to the identity provider.

    If the setting is disabled, group memberships are still synchronized on a per-user basis during login.

    The synchronization feature is only active when the authentication module is Enabled.

SCIM 2.0 Provisioning

Hub supports provisioning of users and groups from external identity providers using the SCIM 2.0 standard. This means you can sync group membership and user profiles with any service provider that supports SCIM.

To enable SCIM provisioning, you need to set up an authentication module for the external identity provider. You can then configure the identity provider to exchange information using the SCIM endpoint for Hub. The authentication module then synchronizes users and groups from the external identity provider.

This setup requires that you store the following information in the SCIM provisioning settings for your IdP:

  • The SCIM endpoint URL for your Hub installation. This endpoint is:

    <hub-base-url>/hub/api/rest/scim2

    To locate the base URL for your Hub site, refer to the Settings tab on the Services page for the Hub service. If the Base URLs setting is empty, use the Home URL. For additional information, see Settings.

  • Authentication credentials in the form of a permanent token. To learn how to generate a permanent token for your Hub account, see Manage Permanent Tokens.
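The two values above can be checked before they are pasted into the IdP. The following is an added example, not part of the Hub documentation or product: it builds the endpoint from a base URL, refuses inputs that would expose the permanent token, and describes a read-only SCIM 2.0 query (RFC 7644) that can be sent to confirm the token works. The host `hub.example.com`, the function names, and the use of the `Bearer` scheme for the permanent token are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode

SCIM_SUFFIX = "/hub/api/rest/scim2"  # path as given on this page, appended literally


def scim_endpoint(base_url: str) -> str:
    """Return the SCIM endpoint for a Hub base URL, rejecting unsafe inputs."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":
        # The permanent token travels in a request header; plain HTTP exposes it.
        raise ValueError("base URL must use https")
    if not parts.hostname:
        raise ValueError("base URL has no host")
    if "@" in parts.netloc:
        raise ValueError("credentials must not be embedded in the URL")
    if parts.query or parts.fragment:
        raise ValueError("base URL must not carry a query or fragment")
    path = parts.path.rstrip("/")  # tolerate a trailing slash on the base URL
    return urlunsplit(("https", parts.netloc, path + SCIM_SUFFIX, "", ""))


def preflight_request(base_url: str, token: str) -> dict:
    """Describe a read-only SCIM query (RFC 7644) that fetches one user."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    query = urlencode({"startIndex": 1, "count": 1})
    return {
        "method": "GET",
        "url": f"{scim_endpoint(base_url)}/Users?{query}",
        "headers": {
            "Authorization": f"Bearer {token}",  # assumption: bearer scheme
            "Accept": "application/scim+json",
        },
    }


def redacted(request: dict) -> dict:
    """Copy of the request that is safe to log or paste into a ticket."""
    headers = dict(request["headers"], Authorization="Bearer <redacted>")
    return {**request, "headers": headers}


if __name__ == "__main__":
    # Constructed sample values; replace with your own base URL and token.
    print(redacted(preflight_request("https://hub.example.com/", "constructed-token")))
```

Log or share only the `redacted()` form; the permanent token grants the access of the Hub account that issued it.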

For sample configurations, please refer to the setup instructions for the following identity providers:

Last modified: 04 July 2025