User directory sync (SCIM)

Last updated: November 6, 2024

Overview

Directory sync allows you to automatically provision users and manage their permissions in Aleph by leveraging the identity provider your organization is using (e.g. Okta) as the single source for user and group information.

Once configured, it enables automated syncing of user identity information from identity providers to Aleph using SCIM (System for Cross-domain Identity Management), an open standard for managing automated user and group provisioning.

Any users assigned to the Aleph application in your identity provider will be created in Aleph. Groups in your directory will be mapped to groups in Aleph (if you are using OneLogin, see Provisioning groups in OneLogin). Using custom attributes, you can also set user roles (see Setting user roles via SCIM).

Read more about users & permissions in Aleph on our Users doc page.

Directory sync configuration

We support many user directory providers: Okta, Google, Microsoft Active Directory and more. With directory sync you can provision, update and deprovision users in Aleph automatically from your directory provider.

To set up directory sync, we'll provide a link with a step-by-step wizard. When you are ready to do the setup, please contact your Customer Success Manager.

Many of the common identity providers, such as Okta, Microsoft Active Directory, Workday, and Google Workspace, are supported.

Frequently asked questions

What happens to existing users when directory sync is enabled?

Aleph will identify existing users based on their email, and update (i.e. overwrite) their access and group based on the user data synced from your identity provider.

Any users that exist in Aleph but not in your identity provider will retain access to Aleph and keep the role originally assigned to them.
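The behaviour described above can be audited before enabling directory sync. The following is an added example, not Aleph's own code: it compares SCIM User resources from the identity provider with a list of current Aleph accounts and reports which accounts will be overwritten, created, or left outside directory control. The Aleph account field names and the case-insensitive email comparison are assumptions.

```python
import json

# Constructed sample: SCIM 2.0 User resources (RFC 7643), trimmed to the
# fields used here, for users assigned to the Aleph application in the IdP.
IDP_SCIM_USERS = json.loads("""
[
  {"userName": "ana@example.com",
   "emails": [{"value": "Ana@Example.com", "primary": true}]},
  {"userName": "raj",
   "emails": [{"value": "raj.old@example.com"},
              {"value": "raj@example.com", "primary": true}]},
  {"userName": "lee@example.com"}
]
""")

# Constructed sample: current Aleph accounts. The field names are
# hypothetical, not Aleph's export format.
ALEPH_USERS = [
    {"email": "ana@example.com", "role": "admin"},
    {"email": "contractor@example.net", "role": "admin"},
    {"email": "old.hire@example.com", "role": "viewer"},
]


def scim_email(user):
    """Primary email of a SCIM User, else its first email, else userName."""
    emails = user.get("emails") or []
    chosen = next((e for e in emails if e.get("primary")), emails[0] if emails else None)
    value = chosen["value"] if chosen else user.get("userName", "")
    # Assumption: emails are compared case-insensitively.
    return value.strip().lower()


def reconcile(idp_users, aleph_users):
    """Classify accounts by what enabling directory sync does to them."""
    idp = {scim_email(u) for u in idp_users}
    aleph = {a["email"].strip().lower(): a["role"] for a in aleph_users}
    known = set(aleph)
    return {
        # Matched by email: access and group are overwritten from the IdP.
        "overwritten": sorted(idp & known),
        # Assigned in the IdP only: created in Aleph.
        "created": sorted(idp - known),
        # In Aleph only: keep access and role, outside directory control.
        "unmanaged": sorted((e, aleph[e]) for e in known - idp),
    }


if __name__ == "__main__":
    for bucket, entries in reconcile(IDP_SCIM_USERS, ALEPH_USERS).items():
        print(bucket, entries)
```

Accounts in the `unmanaged` bucket, especially those with elevated roles, are the ones to review, since they will not be deprovisioned by the identity provider.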

What happens to existing users when directory sync gets disabled?

If the directory sync connection is disabled, all users and groups will be left in the state they were in at the time of disconnection and will stop syncing from your identity provider.

Can I continue to invite users to Aleph from the Aleph web app once directory sync is enabled?

No. Once directory sync is enabled, you can't invite, update, or delete users or groups.