Overview
Hoxhunt supports System for Cross-domain Identity Management (SCIM), which is an industry-standard protocol for automated exchange of user identity information between different domains or IT systems.
Please note: This feature is currently only available for Azure AD, Okta and OneLogin.
Integrations for other identity providers might be published later.
With SCIM, your Azure AD, Okta or OneLogin sends employee data (identity information) to Hoxhunt to keep user data up to date. Hence, whenever you add, remove or edit an employee in the Hoxhunt assignment group in your Azure AD, Okta or OneLogin, Hoxhunt will automatically get this information and ensure the right users have access to Hoxhunt.
Depending on your Identity Provider (IdP), please select a suitable configuration guide:
Azure AD SSO and SCIM configuration
Okta SSO and SCIM configuration
Figure 1. Overview of Azure AD user provisioning to Hoxhunt.
Features
User provisioning with Hoxhunt works only one way: from your identity provider to Hoxhunt. How often provisioning is run depends on whether you are using Azure AD or Okta.
- Automatically link existing Hoxhunt users with your Azure AD or Okta user directories: Match existing identities between systems and allow for easy integration, even when users already exist in the target system.
- Automatically provision new employees to Hoxhunt: Automatically create new accounts into Hoxhunt for new employees when they join your organization or a specific Hoxhunt user group.
- Automatically remove employees from Hoxhunt who have left the company: Automatically deactivate accounts in Hoxhunt when people leave your organization or a specific Hoxhunt user group (see User soft deletion below).
- Synchronize various user attributes to Hoxhunt: Ensure that the user details such as country and department information are kept up to date in Hoxhunt whenever there are respective changes in your user directory or HR system.
- Govern access: Control, monitor and audit who has been provisioned into Hoxhunt.
User soft deletion:
As a failsafe mechanism, Hoxhunt offers a soft delete feature for automatically provisioned users. This ensures that if a user is accidentally unassigned from the Hoxhunt SCIM application on your side, the user's Hoxhunt data is not immediately deleted.
- User account is soft deleted if:
  - User is unassigned from the Hoxhunt SCIM application in your identity provider
  - Group that user belongs to is unassigned from the Hoxhunt SCIM application in your identity provider
  - User is deleted from your identity provider
When any of the above criteria is met, your Hoxhunt SCIM application will ask the Hoxhunt system to deactivate the user in Hoxhunt. Hoxhunt will mark the user as soft-deleted and will eventually delete the user's data after 90 days have passed. If the user is re-activated or re-assigned in the Hoxhunt SCIM application before the 90 days have passed, the soft deletion is canceled.
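The soft-deletion lifecycle above, modelled as an added example that is not Hoxhunt's own code: it assumes the deactivation request arrives as a SCIM PatchOp (RFC 7644) that sets `active` to false, accepts both the path form and the pathless form of that operation, and tracks the 90-day window. The names `active_from_patch`, `User` and `purge_due` and the sample payloads are hypothetical and constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # retention window stated on this page

def active_from_patch(body):
    """Return the 'active' value a SCIM PatchOp sets, or None if it sets none."""
    result = None
    for op in json.loads(body).get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":  # op names vary in case
            continue
        path, value = str(op.get("path", "")).lower(), op.get("value")
        if path != "active":
            # Pathless form: value is a map of attributes to replace.
            if not (isinstance(value, dict) and "active" in value):
                continue
            value = value["active"]
        # Some IdPs serialise booleans as strings ("False"); normalise both.
        result = value if isinstance(value, bool) else str(value).lower() == "true"
    return result

class User:
    def __init__(self, user_name):
        self.user_name = user_name
        self.soft_deleted_at = None  # None means the account is active

    def apply_patch(self, body, now):
        active = active_from_patch(body)
        if active is False and self.soft_deleted_at is None:
            self.soft_deleted_at = now   # start the 90-day clock only once
        elif active is True:
            self.soft_deleted_at = None  # re-assignment cancels soft deletion

    def purge_due(self, now):
        """True once the retention window has fully elapsed."""
        return (self.soft_deleted_at is not None
                and now - self.soft_deleted_at >= RETENTION)

# Constructed sample payloads in the two PatchOp shapes handled above.
SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
DEACTIVATE_PATH = json.dumps({"schemas": [SCHEMA], "Operations": [
    {"op": "Replace", "path": "active", "value": "False"}]})
REACTIVATE_MAP = json.dumps({"schemas": [SCHEMA], "Operations": [
    {"op": "replace", "value": {"active": True}}]})

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    u = User("alice@example.com")
    u.apply_patch(DEACTIVATE_PATH, t0)
    print(u.purge_due(t0 + timedelta(days=89)), u.purge_due(t0 + timedelta(days=90)))
```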
Important notes
SCIM can only control users within the assignment scope
Existing Hoxhunt users who are not included in your provisioning scope are left untouched and are not controlled by SCIM. If you wish to remove these users, please remove them via the Admin portal or ask for assistance from Hoxhunt Support.
Provisioning doesn't automatically invite or auto-start new users to Hoxhunt training
Simply provisioning a new user to Hoxhunt doesn't automatically trigger an invite or auto-start for Hoxhunt training. Please use the Hoxhunt Admin portal to enrol the new users or contact Hoxhunt Support to arrange a periodic activation schedule.