> ## Documentation Index
> Fetch the complete documentation index at: https://docs.navattic.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Directory Sync

> Automatically provision users using an identity provider, such as Okta.

<Info>
  Enabled in workspaces on the Growth plan and above.
</Info>

### What does Directory Sync do?

1. **Centralized User Provisioning:** Admins can now easily add and remove users from your directory provider through a unified User Lifecycle Management (ULM) process. Your directory provider will be the source of truth for user and group lists, and Directory Sync will keep everything up-to-date in Navattic
2. **Automatic Updates:** No more duplicate manual data entry. Directory Sync takes care of:
   * Provisioning new users
   * Updating user attributes such as name and email
   * Deprovisioning users from your workspace

<Warning>
  With Directory Sync enabled, all users must be managed through SCIM.
</Warning>

### How to enable Directory Sync for your workspace

Once Directory Sync is enabled, you can navigate to Settings > Security > Directory Sync to set up the configuration.

Follow the steps to connect to your Directory provider.

Now, your Navattic workspace members will be updated accordingly when you add or remove users from your Directory.

<CardGroup cols={2}>
  <Card
    horizontal
    title="Entra ID SCIM (formerly Azure)"
    href="https://workos.com/docs/integrations/entra-id-scim"
    icon={
  <img src="https://cdn.workos.com/provider-icons/light/azure.svg" className="my-0 h-6 w-6" />
}
  />

  <Card
    horizontal
    title="Google SCIM"
    href="https://workos.com/docs/integrations/google-directory-sync"
    icon={
  <img src="https://cdn.workos.com/provider-icons/light/google.svg" className="my-0 h-6 w-6" />
}
  />

  <Card
    horizontal
    title="JumpCloud SCIM"
    href="https://workos.com/docs/integrations/jumpcloud-scim"
    icon={
  <img
    src="https://cdn.workos.com/provider-icons/light/jumpcloud.svg"
    className="my-0 h-6 w-6"
  />
}
  />

  <Card
    horizontal
    title="OneLogin SCIM"
    href="https://workos.com/docs/integrations/onelogin-scim"
    icon={
  <img
    src="https://cdn.workos.com/provider-icons/light/onelogin.svg"
    className="my-0 h-6 w-6"
  />
}
  />

  <Card
    horizontal
    title="Okta SCIM"
    href="https://workos.com/docs/integrations/okta-scim"
    icon={
  <img src="https://cdn.workos.com/provider-icons/light/okta.svg" className="my-0 h-6 w-6" />
}
  />

  <Card
    horizontal
    title="Rippling SCIM"
    href="https://workos.com/docs/integrations/rippling-scim"
    icon={
  <img
    src="https://cdn.workos.com/provider-icons/light/rippling.svg"
    className="my-0 h-6 w-6"
  />
}
  />

  <Card
    horizontal
    title="CyberArk SCIM"
    href="https://workos.com/docs/integrations/cyberark-scim"
    icon={
  <img
    src="https://cdn.workos.com/provider-icons/light/cyberark.svg"
    className="my-0 h-6 w-6"
  />
}
  />

  <Card
    horizontal
    title="PingFederate SCIM"
    href="https://workos.com/docs/integrations/pingfederate-scim"
    icon={
  <img
    src="https://cdn.workos.com/provider-icons/light/ping-identity.svg"
    className="my-0 h-6 w-6"
  />
}
  />

  <Card horizontal title="Generic SCIM" href="https://workos.com/docs/integrations/scim" icon="id-card" />
</CardGroup>

## Mapping groups to teams

After setting up Directory Sync, you can link identity-provider groups to Navattic teams. When a user is added to or removed from a group in your directory, their Navattic team membership updates automatically.

### Setting up team mapping

1. Navigate to **Settings > Teams** and open the team you want to configure.
2. Select **Add directory group** and choose the group from your identity provider.
3. Confirm the mapping. Members of that group will be synced into the Navattic team.

<Note>
  Team mapping requires Directory Sync to be active and at least one group defined in your identity provider.
</Note>

### Removing a team mapping

When you remove a group mapping, you are prompted to choose one of two options:

* **Keep current members** — Existing team members remain in the team after the mapping is removed.
* **Remove current members** — Members who were added via the mapping are removed from the team when the mapping is deleted.

# FAQs

<Accordion title="How do I assign Navattic workspace roles to users added via directory sync?">
  Contact [success@navattic.com](mailto:success@navattic.com) to request this service. Please include the Group Name(s) and desired Navattic user role (ex. "I'd like to set all Marketing Operations (group name) to be Builders (user role) in my Navattic workspace.") This is a custom connection that our team can help enable.
</Accordion>