Configure OIDC and SAML identity providers for your organization
Admin access required
Only administrators can manage SSO settings.
No SSO providers configured
Click "Add Provider" to set up OIDC or SAML authentication.
Add an SSO provider first to configure user provisioning.
Just-In-Time Provisioning
Automatically create user accounts on first SSO login
New users are admin by default
JIT-provisioned users will have admin role unless overridden by group mapping
Group-to-Role Mapping
Map IdP groups to CXMind roles. Groups not listed here will use the default role above.
Require SSO for all users
When enabled, non-admin users can only sign in via SSO. Password login will be disabled for them.
Admin fallback
Administrators can always use password login as a fallback, even when SSO is enforced. This ensures you are never locked out.
SCIM 2.0 Provisioning
Enable your identity provider (Okta, Azure AD) to automatically create, update, and deactivate user accounts.
Enter this URL in your IdP SCIM provisioning configuration.
Save this token now
This token will only be shown once. Copy it and paste it into your IdP SCIM configuration.
How to configure
- Generate a SCIM bearer token above
- In your IdP (Okta, Azure AD), navigate to SCIM provisioning settings
- Enter the SCIM Base URL and Bearer Token
- Enable provisioning features: Create, Update, Deactivate
- Map your IdP user attributes to SCIM attributes (userName, name, emails)
- Optionally enable Group Push to sync groups to CXMind teams