How does Directory Sync work in practice?

Directory sync is responsible for provisioning, de-provisioning and updating your users on Progression based on the settings in your identity provider (IDP).

Provisioning:

When a user is created in your IDP and granted access to the Progression in your IDP, they will be automatically created in Progression.

Note: they currently do not receive email notification that an account has been created.

De-provisioning:

When a user has access to Progression removed in your IDP, they will be archived in Progression. A user could have access removed in the IDP through being removed from an access group, removed from the organisation or being deleted.

If the user is subsequently granted access to Progression, their account will be transitioned from archived to active.

Updating:

When a user's details are updated in the IDP, they will be updated in Progression. We currently sync the following attributes:

  • First name

  • Second name

  • Email

  • Manager (where manager is supplied as an email address which matches a Progression user in your organisation)

    • This is generally mapped to the field manager

  • Team (where the team name in the IDP matches a team in your organisation)

    • This is generally mapped to the field department

  • Position (where the position name in the IDP matches a position in the user's team)

    • This is generally mapped to the field title

Can I set up SSO just for a subset of my users?

Yes you can! If you are using Okta you can do this within Okta by granting users access to specific applications. The most common way to do this is to assign users to groups and allow groups to use specific apps (see here for more information).

If you are using Google Workplace you will need to add the groups you wish to sync to Progression before you add your directory.

Which SSO providers do you support?

  • AD FS SAML

  • Auth0 SAML

  • Azure AD SAML

  • Generic SAML

  • G Suite OAuth (coming soon)

  • G Suite SAML

  • JumpCloud SAML

  • Microsoft OAuth (coming soon)

  • Okta SAML

  • OneLogin SAML

  • OpenID Connect

  • PingFederate SAML

  • PingOne SAML

  • Shibboleth

  • VMWare SAML

  • CyberArk SAML

Which Directory Providers do you support?

  • Azure AD SCIM

  • Bamboo HR

  • G Suite Directory

  • Gusto

  • Hibob

  • Okta SCIM v1.1

  • Okta SCIM v2.0

  • Rippling

  • SCIM v1.1

  • SCIM v2.0

  • Workday

How much does it cost?

  • SSO and Directory Sync is only available to customers on annual plan.

  • It is free for Scale Annual customers with 50 or more seats.

  • Launch Annual customers can purchase SSO and Directory Sync as a bolt on for $1,700 per year.

Did this answer your question?