Otter.ai now supports Directory Sync via SCIM (System for Cross-domain Identity Management), enabling organizations to automatically provision and manage users directly from their identity provider (IdP). With SCIM, admins can streamline onboarding and offboarding by syncing users and groups from providers like Okta, Entra ID, and others into Otter. This integration ensures that user access stays up to date with your organization’s directory, reducing manual admin work and improving security and compliance.
Overview
Directory Sync enables centralized user lifecycle management, so when users are added, updated, or removed in your IdP, those changes are automatically reflected in Otter. Directory Sync helps reduce manual user administration while ensuring access to Otter remains accurate, secure, and aligned with your organization’s identity management policies.
✅ Automates provisioning
✅ Updates user information
✅ Deprovision user identities
Setting up Directory Sync
You will be provided a setup link to connect your IdP to Otter. Select your IdP and follow the instructions to complete setup.
Regardless of the IdP you choose, each one will contain a step to assign the users or groups you want to provision to Otter. Only users or groups assigned to the application will be synced to Otter. The process may vary depending on your IdP.
User Provisioning and Lifecycle Management
Provisioning and deprovisioning behavior depend on the user's current state. Users managed through Directory Sync will display an icon next to their name in the workspace member list. Contact your Otter account manager if you have any questions.
Synced user attributes Understand which user attributes are synced through Directory Sync.
Directory Sync synchronizes selected user attributes from your identity provider to Otter. These attributes are used to create and update user profiles, ensuring that user information remains consistent with your organization’s directory.
- User Account Email
- User First Name
- User Last Name
- User Department
- User Role
- Workspace role (Member vs. Admin)
Provisioning Understand how users are created and managed during provisioning.
The outcome of user provisioning depends on the user’s current state within Otter. Directory Sync may create a new account, link an existing workspace member, reactivate a deactivated user, or send an invitation, depending on whether the user already exists in the workspace.
| Scenario | Outcome |
|---|---|
| New user | User account is created and an invitation is sent to join the workspace. |
| Existing Otter workspace member | User is linked to Directory Sync. If the domain is claimed, the user profile is updated. |
| Existing user (outside the Otter workspace) | No invitation is sent. Contact Otter Support to move the user into your workspace. |
| Deactivated user (in the same Otter workspace) | User account is reactivated. |
| Deactivated user (outside the Otter workspace) | An invitation is sent, but the user may remain deactivated. Contact Otter Support for assistance if needed. |
Role provisioning behavior Learn how user roles are assigned and updated through Directory Sync.
Directory Sync supports provisioning and updating the following Otter workspace roles from your IdP:
- Member
- Admin
Deprovisioning Understand how users are removed or deactivated through Directory Sync.
When a user is removed through Directory Sync, Otter determines the appropriate action based on the user’s current status in the workspace. Depending on the scenario, Otter may revoke a pending invitation or deactivate an active user account.
| Scenario | Outcome |
|---|---|
| User invited but not yet joined the workspace | The invitation is revoked. |
| Existing active user (in the same workspace) | The user is deactivated in the workspace. |
| Existing active user (outside the workspace) | The invitation is revoked. |
User Profile Updates Learn how Directory Sync updates user profile attributes and how domain capture affects attribute management.
Directory Sync behavior may vary depending on whether your email domain has been claimed by your organization. Contact your Otter account manager to get started or learn more.
When a domain is claimed, Otter can fully manage user profile attributes through Directory Sync. If the domain is not claimed, limited actions may occur. The chart below outlines how provisioning and user updates behave based on domain status.
| Action | Domain Status | Behavior |
|---|---|---|
| Provision new user | Regardless of domain | User is created and all profile attributes are set. |
| Provision existing user | Domain unclaimed | Invitation is sent only. |
| Provision existing user | Domain claimed | Invitation is sent and all profile attributes are updated. |
| Update user profile | Domain unclaimed | No profile attributes are updated. |
| Update user profile | Domain claimed | All profile attributes can be updated. |
| Update user email | Regardless of domain | User email is updated. |
| Update user role | Regardless of domain | User role is updated. |
FAQs & Info
How long does SCIM provisioning take to sync users?
Otter checks for new provisioning events every 5 minutes. During each cycle, the system processes up to 100 events per workspace. This helps ensure changes such as user creation, updates, or removals are handled efficiently.
However, the timing of these updates may also depend on your (IdP). Identity providers send provisioning events based on their own synchronization schedules.
For example:
- Okta typically sends provisioning updates immediately.
- Microsoft Entra ID may batch and sync updates approximately every 40 minutes.
Because of this, the time it takes for a change to appear in Otter can vary depending on how quickly your identity provider sends the update.
Workspace admin status
The workspace owner must remain in an active and valid state for Directory Sync provisioning to function properly. If the current workspace owner becomes inactive or needs to be changed, a new workspace owner in good standing should be assigned. Ensuring that an active owner is set allows user provisioning and directory synchronization to continue without interruption.
How can I tell if a user is managed by Directory Sync?
Users synced through Directory Sync will display an icon next to their name in the workspace member list. This icon indicates that the user is managed through Directory Sync and their account is provisioned and updated via Directory Sync.
Can I add members to my Otter workspace who are not managed through Directory Sync?
Yes. You can manually add members to your Otter workspace even if they are not managed through Directory Sync. However, these users must be manually managed for both provisioning and deprovisioning.
For the best experience and centralized user management, we recommend using Directory Sync whenever possible.
Feedback
0 comments
Article is closed for comments.