What is SSO?
Single Sign-On (SSO) allows your team members to log into Claap using your company's Okta credentials. Instead of creating a separate account and password for Claap, users authenticate through your organization's identity provider, making access more secure and convenient.
Benefits of SSO:
Users sign in with their existing company credentials
Centralized access control through Okta
Enhanced security with no separate Claap passwords to manage
Users can access Claap directly from their Okta dashboard
What is SCIM?
SCIM (System for Cross-domain Identity Management) automatically synchronizes user accounts between Okta and Claap. When you add or remove employees in Okta, their Claap access is updated automatically.
Benefits of SCIM:
Automatic user provisioning when employees join your organization
Automatic suspension when employees leave
Centralized management of user roles and licenses
No manual user administration required in Claap
Key Features
Domain Verification
Before enabling SSO, you must verify ownership of your company's email domain(s). This ensures only users with verified company email addresses can access your workspace through SSO.
You can verify multiple domains (e.g.,
company.com,subsidiary.company.com)Domain verification requires adding a TXT record to your DNS settings
Enforce SSO
Once SSO is configured, workspace Admins can Enforce SSO to require all workspace members to sign in through Okta. When enforced:
Members and Admins must use SSO to access the workspace
Workspace Owners and Guests can still use other sign-in methods
Users from the configured domains who attempt to log in with email/password will be redirected to SSO
Automatic Account Creation
When enabled, new users who sign in through SSO for the first time are automatically added to your Claap workspace. This eliminates the need for manual invitations.
User Roles and Licenses with SCIM
With SCIM enabled, you can manage user roles and licenses directly from Okta using group assignments:
Available Roles:
Member
Admin
Available Licenses:
Basic
Pro
Business
Assign users to Okta groups that map to specific Claap roles and licenses. When a user belongs to multiple groups, they receive the highest-level role and license.
What Changes When SCIM is Enabled
When SCIM is active, certain workspace features are managed exclusively through Okta:
Action | Without SCIM | With SCIM |
Add workspace members | Manual invitations | Automatic |
Remove workspace members | Manual suspension | Automatic |
Change user roles | Admin can change in Claap | Managed via groups |
Change user licenses | Admin can change in Claap | Managed via groups |
Invite Guests | Available | Still available |
Workspace invitation link | Available | Disabled |
Important notes:
Workspace Owners retain full control and are not affected by SCIM
Guests can still be invited and managed manually
Users cannot rename their accounts if they belong to a SCIM-managed workspace
Getting Started
SSO and SCIM setup requires coordination between your IT administrator (who manages Okta) and the Claap team.
To get started:
Contact your Claap account manager to enable SSO and SCIM features
Verify your company domain(s) in Claap workspace settings
Your IT administrator creates the Claap application in Okta
Share the Okta configuration details with Claap
Configure user groups and assignments in Okta
Test the integration with a small group of users
Roll out to your entire organization
Signing In via Okta
Once configured, users can access Claap in two ways:
From Okta Dashboard: Click the Claap tile in your Okta app catalog
From Claap: Go to the Claap sign-in page and select "Sign in with SSO"
Frequently Asked Questions
Can I use SSO without SCIM?
Yes. You can enable SSO for secure authentication while continuing to manage users manually within Claap.
What happens to existing users when I enable SCIM?
Existing users in your workspace will be matched with their Okta accounts by email address. Users not in Okta will be suspended.
Can Guests use SSO?
Guests (external collaborators) are not required to use SSO, even when Enforce SSO is enabled. They can continue using email/password or Google sign-in.
What happens when someone leaves the company?
When you deactivate a user in Okta, their Claap account is automatically suspended. Their content remains in the workspace and can be accessed by other team members with appropriate permissions.
Can users create their own workspaces?
When SSO is enforced, users cannot create new personal workspaces—they can only access the SSO-enabled workspace.
Need Help?
If you have questions about setting up SSO or SCIM for your organization, please contact your Claap account manager or reach out to our support team.