SSO and SCIM setup
SAML 2.0, OIDC + PKCE, SCIM 2.0 user/group provisioning.
SAML 2.0
Tell your IdP about Agentics:
SP metadata: https://agentics.you/api/sso/saml/metadata?tenant=<your-tenant>
ACS URL: https://agentics.you/api/sso/saml/acs?tenant=<your-tenant>
SP Entity ID: https://agentics.you/saml
NameID: EmailAddress
Required attributes: email, given_name, family_name. Optional: groups for role mapping.
OIDC + PKCE
Authorize URL: https://agentics.you/api/sso/oidc/login?tenant=<your-tenant>
Redirect URI: https://agentics.you/api/sso/oidc/callback
Scopes: openid email profile groups
SCIM 2.0
Base URL: https://agentics.you/api/scim/v2
Auth: Bearer <scim-token> (generate one in Console → Settings → SCIM)
Schemas: User, Group, ServiceProviderConfig, ResourceTypes, Schemas
Group memberships are mapped onto Agentics RBAC roles. Edit mappings in Console → Settings → SCIM.
Role mapping (default)
| IdP group | Agentics role |
|---|---|
| agentics-superadmin | superadmin |
| agentics-org-admin | org_admin |
| agentics-security | security_admin |
| agentics-grc | grc_admin |
| agentics-billing | billing_admin |
| agentics-auditor | auditor |
| agentics-editor | editor |
| agentics-operator | operator |
| agentics-observer | observer |
| (none) | read_only |
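
A pre-rollout check for the default mapping above, added here as an example and not Agentics code: it takes SCIM 2.0 Group resources in the RFC 7643 shape your IdP would push and reports the roles each user would receive, groups that match no mapping, and users who hold several roles. The function name `audit_groups`, the exact-match rule for group names, and the sample users and groups are assumptions constructed for illustration.

```python
from collections import defaultdict

GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"  # RFC 7643
# Default mapping copied from the table above; a tenant may have edited it.
DEFAULT_ROLE_MAP = {
    "agentics-superadmin": "superadmin", "agentics-org-admin": "org_admin",
    "agentics-security": "security_admin", "agentics-grc": "grc_admin",
    "agentics-billing": "billing_admin", "agentics-auditor": "auditor",
    "agentics-editor": "editor", "agentics-operator": "operator",
    "agentics-observer": "observer",
}
FALLBACK_ROLE = "read_only"  # the "(none)" row of the table


def audit_groups(groups, user_ids, role_map=DEFAULT_ROLE_MAP):
    """Return (roles_by_user, unmapped_groups, multi_role_users)."""
    roles, unmapped = defaultdict(set), set()
    for group in groups:
        if GROUP_SCHEMA not in group.get("schemas", []):
            continue  # skip anything that is not a SCIM Group resource
        # Assumption: group names are matched exactly against the mapping.
        role = role_map.get(group.get("displayName", ""))
        if role is None:
            unmapped.add(group.get("displayName", ""))
            continue
        for member in group.get("members", []):
            roles[member["value"]].add(role)
    by_user = {u: sorted(roles.get(u, ())) or [FALLBACK_ROLE]
               for u in set(user_ids) | set(roles)}
    # The page does not say which role wins when several apply, so flag them.
    multi = sorted(u for u, r in by_user.items() if len(r) > 1)
    return by_user, sorted(unmapped), multi


# Constructed sample data (not real accounts or a real tenant export).
SAMPLE_USERS = ["u1", "u2", "u3", "u4"]
SAMPLE_GROUPS = [
    {"schemas": [GROUP_SCHEMA], "displayName": "agentics-superadmin",
     "members": [{"value": "u1"}]},
    {"schemas": [GROUP_SCHEMA], "displayName": "agentics-auditor",
     "members": [{"value": "u1"}, {"value": "u2"}]},
    {"schemas": [GROUP_SCHEMA], "displayName": "agentics-sec-team",
     "members": [{"value": "u3"}]},
]

if __name__ == "__main__":
    by_user, unmapped, multi = audit_groups(SAMPLE_GROUPS, SAMPLE_USERS)
    for user in sorted(by_user):
        print(user, by_user[user])
    print("unmapped groups:", unmapped, "| multiple roles:", multi)
```

If you have edited the mappings in Console → Settings → SCIM, pass your own dictionary as `role_map` so the report reflects the tenant's actual configuration.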