User Access Provisioning — SSO, SCIM, and Internal User Management

Multiple SSO integrations require a specific product package. Contact your Customer Success Manager or Dragonboat Support to learn more or enable it for your organization.

Who this is for: Dragonboat account Owners and Admins responsible for managing user access.

What this covers: How user access provisioning works, which external identity management tools Dragonboat supports, how to manage users directly within Dragonboat, and how to enable multiple SSO integrations on a single account. Does not cover detailed user role permissions — see the User Permissions article.


This article covers:

  1. Introduction to user access provisioning in Dragonboat
  2. How provisioning, SSO avatars, and multiple SSO behave
  3. How to configure external SSO or internal user settings
  4. Plan requirements and access constraints
  5. Frequently asked questions

Introduction

Account Owners and Admins manage user access in Dragonboat — including creating accounts, modifying permissions, and deactivating users — either through supported external identity management tools or through Dragonboat's internal User Settings.


How It Works

What user access provisioning is

User access provisioning is an identity management process that ensures user accounts are created with the correct permissions. It covers three stages:

  • Onboarding: new user accounts are created with appropriate access levels.
  • Role or department changes: existing user permissions are modified as needed.
  • Off-boarding: accounts are deactivated or deleted (also called user deprovisioning).

Why it matters

Manually reviewing and assigning permissions for every user is time-consuming and error-prone. Many enterprise organizations use dedicated user provisioning tools to automate account creation, regulate permissions, and maintain visibility over identity and access management from onboarding through off-boarding. This saves time, reduces costs, and supports security and compliance requirements.

Avatar behavior with SSO

When an SSO integration is active, user profile photos (avatars) are automatically pulled from the connected identity provider. The avatar displayed in Dragonboat reflects the image provided by the SSO service and cannot be edited within the App.

Multiple SSO integrations

Dragonboat supports enabling more than one SSO integration on the same account simultaneously. When multiple SSO integrations are active, users are prompted to select which system to log in with.


How to Set It Up

Option 1: External identity management tools

Dragonboat supports the following user provisioning methods. Follow the linked integration guide for each:

  1. Admin configures Okta Single Sign-On (SSO) or Okta Open ID (OID). See the Okta Integration guide.
  2. Admin configures Azure Active Directory (AAD) / Microsoft Entra ID. See the AAD/Entra Integration guide.
  3. Admin configures Open ID Connect (OIDC). See the OIDC Integration guide.
  4. Admin configures SCIM to manage Permission Groups. See the SCIM Integration guide.

Option 2: Dragonboat internal User Settings

For organizations that do not use an external identity management platform:

  1. Owner or Admin logs in to Dragonboat. Only Owners and Admins can add, edit, and remove user access.
  2. Owner or Admin navigates to Dragonboat Settings. Settings is the central location for user management.
  3. Owner or Admin uses the User Settings section to add, edit, or remove user accounts and permissions. See the Dragonboat User Permissions guide for a detailed overview of permission levels.

Enabling multiple SSO integrations

  1. Owner or Admin logs in to Dragonboat. SSO configuration is restricted to Owners and Admins.
  2. Owner or Admin navigates to Dragonboat Settings. The SSO integration section sits within Settings.
  3. Owner or Admin enables the desired SSO integrations. Supported options are Okta, Microsoft Entra ID, and Google.
  4. End users select which SSO system to log in with at next login. Once multiple integrations are enabled, users are prompted at the login screen.

Key Notes

  • Plan Requirement: support for multiple SSO integrations requires a specific product package. Contact your Customer Success Manager to enable this for your account or to update your plan.
  • Only Owners and Admins can add, edit, and remove user access within Dragonboat.
  • When SSO is active, avatars are sourced from the identity provider and cannot be edited inside Dragonboat.
  • For additional help, contact help@dragonboat.io.

FAQ

Supported integrations

Q: Which external identity management tools does Dragonboat support?
A: Dragonboat supports Okta SSO and Okta Open ID (OID), Azure Active Directory (Microsoft Entra ID), Open ID Connect (OIDC), and SCIM for managing Permission Groups.

Q: Can I use SCIM with Dragonboat?
A: Yes. Dragonboat supports SCIM specifically for managing Permission Groups. See the SCIM Integration guide for setup instructions.

Multiple SSO

Q: Can I enable more than one SSO integration on the same Dragonboat account?
A: Yes. Dragonboat supports enabling multiple SSO integrations — Okta, Microsoft Entra ID, and Google — simultaneously on a single account.

Q: What happens when multiple SSO integrations are enabled?
A: Users are prompted to select which SSO system they want to use to log in.

Q: Is there a plan requirement to use multiple SSO integrations?
A: Yes. Support for multiple SSO integrations is available as part of a specific product package. Contact your Customer Success Manager to enable it or to update your plan.

Avatars and profile photos

Q: Can users edit their profile photo (avatar) in Dragonboat when SSO is enabled?
A: No. When an SSO integration is active, the avatar is automatically sourced from the connected identity provider and cannot be edited within Dragonboat.

Q: Why does my avatar look different in Dragonboat than in other tools?
A: With SSO active, Dragonboat displays the avatar provided by the identity provider. To change it, update the photo at the identity provider (Okta, Entra ID, or Google).

Internal user management

Q: What if my organization does not use an external identity management tool?
A: User access can be managed directly within Dragonboat using the internal User Settings. Only Owners and Admins have permission to add, edit, or remove users.

Q: Who in Dragonboat can manage user accounts and permissions?
A: Only users with the Owner or Admin role can add, edit, and remove Dragonboat account access for other users.

Q: Where can I learn more about user permission levels in Dragonboat?
A: See the Dragonboat User Permissions guide for a detailed overview of all permission levels available within the platform.


Need help? Reach out to our team via the '?' in-app, or use the Request Form.

Was this article helpful?

Have more questions? Contact support