> ## Documentation Index
> Fetch the complete documentation index at: https://onlook.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# SSO & SCIM

> Configure SAML 2.0, OIDC, and SCIM provisioning for Attune Compliance.

## Supported protocols

| Protocol | Use case                                       |
| -------- | ---------------------------------------------- |
| SAML 2.0 | SSO with Okta, Azure AD, Google Workspace      |
| OIDC     | SSO with any OAuth 2.0 provider                |
| SCIM 2.0 | Automated user provisioning and deprovisioning |

## SAML setup

1. In your IdP, create a new SAML application.
2. Set the **ACS URL** to `https://api.onlookai.com/auth/saml/callback`
3. Set the **Entity ID** to `https://api.onlookai.com`
4. Copy the IdP metadata XML and paste it into **Settings → SSO** in the Attune dashboard.

## SCIM setup

1. In the Attune dashboard, go to **Settings → SCIM** and generate a SCIM token.
2. In your IdP, configure the SCIM endpoint: `https://api.onlookai.com/scim/v2`
3. Use the generated token as the Bearer token.

## Roles

| Role    | Permissions                                     |
| ------- | ----------------------------------------------- |
| Admin   | Full access — settings, users, policies, export |
| Analyst | Read sessions, scores, and audit logs           |
| Viewer  | Read-only dashboard access                      |

Roles are assigned via the Attune dashboard or pushed from your IdP via SCIM group mappings.