Inbox Zero supports SAML SSO and SCIM user provisioning for organization deployments.Documentation Index
Fetch the complete documentation index at: https://docs.getinboxzero.com/llms.txt
Use this file to discover all available pages before exploring further.
If you use the hosted Inbox Zero cloud platform, contact sales to enable SSO or SCIM for your organization. If you self-host Inbox Zero, an app admin configures SSO and SCIM from the admin page.
When to Use This
Use SSO and SCIM when your organization wants to manage Inbox Zero access through an identity provider such as Okta, Microsoft Entra ID, or Google Workspace.- SSO lets users sign in with your identity provider instead of a personal login flow.
- SCIM lets your identity provider provision, update, and deprovision users.
Prerequisites
- A deployed Inbox Zero instance with a stable
NEXT_PUBLIC_BASE_URL. - An admin user listed in
ADMINS. - SAML IdP metadata XML from your identity provider.
- The organization domain users will sign in with.
SSO_LOGIN_ENABLED=trueif you want to show the “Sign in with SSO” button on the login page.
Configure SSO
- Sign in as an app admin.
- Open
/admin. - Click Register SSO Provider.
- Enter the organization name, provider ID, email domain, and SAML IdP metadata XML.
- Save the ACS callback URL returned after registration.
- Add the ACS callback URL to your identity provider’s SAML application.
/login/sso using their email and the organization slug (a slugified form of the organization name you registered).
Configure SCIM
SCIM requires a registered SSO provider. As an app admin, generate a SCIM bearer token for the same provider ID, then configure your identity provider with:| Setting | Value |
|---|---|
| SCIM base URL | https://your-domain.com/api/auth/scim/v2 |
| Authentication | Bearer token |
| Supported resource | Users |