SSO & SCIM

Driver supports SAML SSO (Single Sign-On) for enterprise authentication and SCIM (System for Cross-domain Identity Management) for automated user provisioning.

Note: SSO and SCIM are available on enterprise plans. Configuring them requires the Org Admin role. Navigate to Settings > SSO & SCIM to get started.

SSO

Driver supports SAML 2.0 for single sign-on, which covers most identity providers (Okta, Microsoft Entra, Google Workspace, etc.). Once configured, users authenticate through your corporate IdP instead of email and password.

Configuring SSO

  1. Open SSO settings — Go to Settings > SSO & SCIM in the Driver web app.
  2. Copy the service provider values into your IdP — Use the displayed Entity ID (Audience / Issuer), Reply URL (ACS / Single Sign-On URL), and Metadata URL when creating the SAML application in your identity provider.
  3. Add email domains — Add one or more email domains (e.g., yourcompany.com) so users with those domains are automatically redirected to your IdP on login.
  4. Provide your IdP metadata — Paste your IdP's federation Metadata URL (recommended — Driver re-fetches it periodically to pick up signing-cert rotation) or paste the metadata XML directly.
  5. Click Configure SSO — Driver validates the metadata and creates the SAML connection. Once complete, the SSO section shows that SSO is configured.

SCIM Provisioning

SCIM automates user lifecycle management. When you add or remove users in your identity provider, SCIM syncs those changes to Driver automatically. This includes:

  • Creating accounts for new users
  • Updating roles when permissions change
  • Deactivating accounts for departed users

Enabling SCIM

  1. Configure SSO first — SSO must be configured before SCIM can be enabled. The Enable SCIM button is disabled until SSO is in place.
  2. Click Enable SCIM — On Settings > SSO & SCIM, click Enable SCIM. A dialog displays the SCIM provisioning URL and a bearer token.
  3. Copy the URL and token into your IdP — Paste the SCIM provisioning URL and the bearer token into your identity provider's SCIM configuration.
  4. Test the connection — Use the Test SCIM Connection button to confirm your IdP can reach Driver successfully.

Warning: The SCIM token is displayed exactly once when SCIM is enabled. If you lose it, you must disable and re-enable SCIM to generate a new one.

Attribute Mapping

After enabling SCIM, the SCIM attribute mapping card shows how SCIM attributes from your identity provider map to Driver user fields. The defaults work for most IdPs — edit, add, or remove rows only if your IdP sends user data in a non-standard shape. Use Reset to defaults if a customization breaks provisioning.

Removing SCIM Provisioning

To stop provisioning users and teams through your identity provider, go to Settings > SSO & SCIM and click Disable SCIM. Driver revokes the SCIM token, removes the SCIM configuration from the SAML connection, and stops further sync. You can re-enable SCIM later, but a new token will be issued.

A few things to keep in mind:

  • While SCIM is enabled, users and teams provisioned through SCIM are managed by your identity provider. SCIM-provisioned teams cannot be renamed or have their membership changed in Driver, and SCIM-provisioned users cannot be deleted from Driver — these changes must be made in your IdP and will sync back automatically.
  • Email and password users can still be invited in Driver while SCIM is enabled. Enabling SCIM does not affect the standard invite flow, so SCIM-provisioned users and directly invited users can coexist in the same organization.
  • After you disable SCIM, previously SCIM-managed users and teams remain in Driver. They convert to locally managed entries and can then be edited and removed directly. Their organization memberships, roles, and content are preserved.