Skip to main content
Skip table of contents

Provisioning and Deprovisioning SSO

Your team may be accustomed to real-time provisioning and deprovisioning at vendors like 101domain through SCIM when an employee is granted access to an account or leaves the company. Since SCIM is not technically supported, the security of user onboarding and offboarding is instead managed by the Authentication Policy

By choosing the SSO Only policy for your 101domain account, the system ensures that user access is inextricably linked to the set up of their user in the 101domain account and the status of their identity credentials in your organization’s IdP or User Directory. If the user is deactivated or suspended in your IdP, their identity verification fails upon their next attempted login to 101domain, preventing access.  Furthermore, identity credentials are re-authorized regularly throughout the user’s active session in the 101domain account and the Primary Account Owner may revoke a sub-user account at any time from within the control panel.

Note: An Identity Provider (IdP) is the system (such as Google, Microsoft, Okta, or OneLogin) that creates, manages, and authenticates a user's identity when they log into a separate service like 101domain.

Onboarding a User: 

The Primary account owner must set up IdP in their 101domain account, then create the sub-user’s account in the account, then must pre-configure SSO for that sub-user before that sub-user can log in with your organization’s IdP credentials.

Offboarding a User: 

The process for offboarding a user will depend on the SSO configuration for the user:

  • When a user is set to Require SSO, and a user is terminated or suspended in your organization's IdP, then the user is no longer able to authenticate and log in to your 101domain account.  The Primary Account owner should then delete the sub-user account at 101domain.  

  • When an account is set to allow SSO or username/password, then the Primary Account Owner should delete the sub-user account at 101domain to terminate access as they traditionally would.

For more information on Authentication Methods, visit our article Authentication-Only: What 101domain SSO Does.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close