Before setting up SSO and SCIM Provisioning, it's important to be clear on the target audience of a Nosco platform.
Considerations
SSO gives users access to a Nosco platform based on a company directory (e.g. Azure AD), but it doesn't pre-emptively create the users in the Nosco platform. In practical terms, this means that the Nosco platform will initially be empty of users; as users log in to the platform, their accounts are created automatically (this can be disabled).
SCIM, on the other hand, will automatically create users in a Nosco platform. In practical terms, this means that the Nosco platform will have all SCIM-based users immediately available, ready to be added to channels, participate in messaging, etc. However, this also means that users will be able to see each other (as long as they share a channel; in practice, a single "open for all" channel will have this effect). It's important to remember this, especially if there are guests or external users in the platform.
Finally, note that while SSO and SCIM usually work together, the groups managed by each can be different. For example, you may give all employees access via SSO, but only manage a subset of them via SCIM. You can have SSO without SCIM, or SCIM without SSO (users will need to create a password to log in).
Preparation Checklist
- Is this an internal-only platform (only people from the organisation will use it), or will externals also be able to log in?
- If externals exist, should they be able to see all the internal users, or only the internal users active in the Nosco platform?
- If externals exist, would they be known from the start, or is the platform open for public sign ups?
- Should everyone in the organisation have access to the platform, or is it only a subset of the employees (e.g. regional/department)? Does this subset have a corresponding group or attribute in the Active Directory that can be used for selecting the users?
- If only a group of employees should have access, but no Active Directory attribute exists to filter them, can an Excel list of these users be created? How often would the list need to be updated?
- Are there specific user attributes (e.g. department, region, business unit, etc.) that will be useful to sync as user labels to the Nosco platform? Do they exist in a usable format in the Active Directory? If not, can an Excel list be created, and how often would the list need to be updated?