Otter.ai now supports Directory Sync via SCIM (System for Cross-domain Identity Management), enabling organizations to automatically provision and manage users directly from their identity provider (IdP). With SCIM, admins can streamline onboarding and offboarding by syncing users and groups from providers like Okta, Entra ID, and others into Otter. This integration ensures that user access stays up to date with your organization’s directory, reducing manual admin work and improving security and compliance.
Overview
Directory Sync enables centralized user lifecycle management, so when users are added, updated, or removed in your IdP, those changes are automatically reflected in Otter. Directory Sync helps reduce manual user administration while ensuring access to Otter remains accurate, secure, and aligned with your organization’s identity management policies.
✅ Automates provisioning
✅ Updates user information
✅ Deprovisions user identities
Setting up Directory Sync
- Go to Manage Workspace → Settings and click Configure under Directory Sync (via SCIM).
  Note: If you do not see this option in your workspace settings, contact your Otter account manager.
- Select your identity provider (IdP), and follow the corresponding instructions to complete setup.
- In your identity provider (IdP), create two group assignments: one for Members and one for Admins. This ensures roles are mapped correctly when users are synced to Otter, allowing admins to begin using their privileges immediately.
  Note: These groups can be named however you like. This step is required. Depending on your identity provider (IdP), you may need to create these groups before continuing with setup.
- Each IdP includes a step to assign the users or groups you want to provision to Otter. Only assigned users or groups will be synced. Assign the two groups you created earlier (Members and Admins) to the SCIM application.
  Note: The assignment process may vary depending on your IdP.
- Assign each group to its corresponding role (e.g., map your admin group to Admin and your member group to Member). The exact steps may vary depending on your identity provider (IdP).
- Complete the setup to activate the directory. Once activated, users will begin syncing to Otter automatically. Users synced through Directory Sync will display an icon next to their name in the workspace member list.
Managing Group roles, permissions, and configurations
You can manage and configure roles at any time by navigating to Workspace → Settings → Directory Sync → Configure → Configure role assignment. Be sure to assign the correct users to the appropriate groups in your IdP.
IdP-specific details
Depending on your IdP, there may be additional steps or requirements unique to that provider. Check them out below 👇
Okta
Read through specific details regarding Okta setup
When setting up in Okta, make sure you create a new Okta application. The "Use existing application" option is not supported at this time.
Microsoft Entra
Read through setting up Microsoft
Follow the steps provided by the setup. You can refer to the steps below for more information if needed.
- Go to Enterprise apps and click New application.
- Click Create your own application.
- Name your application as desired, then choose “Integrate any other application you don’t find in the gallery (Non-gallery)” as the integration type, and click Create.
- Once created, in the Overview panel, click "Connect your application".
- The guide will generate the required values. Ensure that Bearer authentication is selected as the authentication method, then enter the generated values into the corresponding Tenant URL and Secret Token fields. Click Test connection.
- In the Provisioning panel, expand Mappings and click on Provision Microsoft Entra ID Users.
- Make sure Enabled is set to "Yes", and the following are checked:
  - Create
  - Update
  - Delete
- Click Edit next to externalID.
- For Source attribute, select objectID. Make sure to Save and click Yes to accept changes.
- Ensure the emails[type eq "work"].value SCIM attribute has a valid email value. For cloud-managed users, confirm that a known email attribute, such as UPN, is being pulled from the mail attribute in Exchange. If your directory has synchronized users, make sure that the userPrincipalName attribute is mapped to emails[type eq "work"].value.
- In the Users and groups panel, click "Add user/group".
- Ensure you assign two groups: one for admins and one for members. These groups will sync with Otter and determine user permissions. For guidance on creating and managing groups, refer to Microsoft’s documentation. Click Select.
- Click Assign.
- On the Provisioning page, expand Settings, then ensure Scope is set to “Sync only assigned users and groups” and Provisioning Status is turned "On".
- Be sure to assign the appropriate Roles to both groups. These roles will sync with Otter to designate member and admin access. Then, click Continue.
  Note: If a role is not assigned, all synced users will default to the member role, even if they are admins in Entra. To ensure permissions are correctly applied, roles must be assigned at this step.
- Click Start sync to test and activate the Directory. Users will sync to Otter.
- Verify that users have synced with the correct Role in Workspace → Members in Otter. Users can now be managed in your IdP. Refer to the User Provisioning and Lifecycle Management section for more information.
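
A pre-flight check for the attribute mapping in the steps above, as an added example that is not Otter's or Microsoft's code: it inspects SCIM User payloads (RFC 7643 core schema) for an empty externalId or a missing or malformed emails[type eq "work"].value. The sample payloads, the function names and the loose email pattern are assumptions made for illustration.

```python
import re

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Assumption: a deliberately loose syntax check (one "@", no spaces, dotted domain).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def work_email(user):
    """Resolve emails[type eq "work"].value; the type match is case-insensitive."""
    for entry in user.get("emails") or []:
        if str(entry.get("type", "")).lower() == "work":
            return entry.get("value")
    return None

def preflight(user):
    """Return the problems that would break the mapping described above."""
    problems = []
    if CORE_USER not in user.get("schemas", []):
        problems.append("missing core User schema")
    if not user.get("externalId"):
        problems.append("externalId is empty (map it to objectId)")
    email = work_email(user)
    if email is None:
        problems.append('no emails entry with type "work"')
    elif not EMAIL_RE.match(email):
        problems.append(f"work email is not a valid address: {email!r}")
    return problems

# Constructed sample payloads (not real accounts); example.com is a reserved domain.
SAMPLE_USERS = [
    {"schemas": [CORE_USER], "userName": "ana@example.com",
     "externalId": "00000000-0000-0000-0000-000000000001",
     "emails": [{"type": "work", "value": "ana@example.com", "primary": True}]},
    {"schemas": [CORE_USER], "userName": "ben@example.com",
     "externalId": "00000000-0000-0000-0000-000000000002",
     "emails": [{"type": "home", "value": "ben@example.net"}]},
    {"schemas": [CORE_USER], "userName": "cy@example.com",
     "externalId": "",
     "emails": [{"type": "Work", "value": "cy"}]},
]

def report(users):
    """Map userName -> problems, listing only the users that would fail."""
    return {u.get("userName", "?"): p for u in users if (p := preflight(u))}

if __name__ == "__main__":
    for name, problems in report(SAMPLE_USERS).items():
        print(name, "->", "; ".join(problems))
```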
User Provisioning and Lifecycle Management
Provisioning and deprovisioning behavior depend on the user's current state. Users managed through Directory Sync will display an icon next to their name in the workspace member list. Contact your Otter account manager if you have any questions.
Synced user attributes
Understand which user attributes are synced through Directory Sync.
Directory Sync synchronizes selected user attributes from your identity provider to Otter. These attributes are used to create and update user profiles, ensuring that user information remains consistent with your organization’s directory.
- User Account Email
- User First Name
- User Last Name
- User Department
- User Role
- Workspace role (Member vs. Admin)
Provisioning
Understand how users are created and managed during provisioning.
The outcome of user provisioning depends on the user’s current state within Otter. Directory Sync may create a new account, link an existing workspace member, reactivate a deactivated user, or send an invitation, depending on whether the user already exists in the workspace.
| Scenario | Outcome |
|---|---|
| New user | User account is created and an invitation is sent to join the workspace. |
| Existing Otter workspace member | User is linked to Directory Sync. If the domain is claimed, the user profile is updated. |
| Existing user (outside the Otter workspace) | No invitation is sent. Contact Otter Support to move the user into your workspace. |
| Deactivated user (in the same Otter workspace) | User account is reactivated. |
| Deactivated user (outside the Otter workspace) | An invitation is sent, but the user may remain deactivated. Contact Otter Support for assistance if needed. |
Role provisioning behavior
Learn how user roles are assigned and updated through Directory Sync.
Directory Sync supports provisioning and updating the following Otter workspace roles from your IdP:
- Member
- Admin
Deprovisioning
Understand how users are removed or deactivated through Directory Sync.
When a user is removed through Directory Sync, Otter determines the appropriate action based on the user’s current status in the workspace. Depending on the scenario, Otter may revoke a pending invitation or deactivate an active user account.
| Scenario | Outcome |
|---|---|
| User invited but not yet joined the workspace | The invitation is revoked. |
| Existing active user (in the same workspace) | The user is deactivated in the workspace. |
| Existing active user (outside the workspace) | The invitation is revoked. |
User Profile Updates
Learn how Directory Sync updates user profile attributes and how domain capture affects attribute management.
Directory Sync behavior may vary depending on whether your email domain has been claimed by your organization. Contact your Otter account manager to get started or learn more.
When a domain is claimed, Otter can fully manage user profile attributes through Directory Sync. If the domain is not claimed, limited actions may occur. The chart below outlines how provisioning and user updates behave based on domain status.
| Action | Domain Status | Behavior |
|---|---|---|
| Provision new user | Regardless of domain | User is created and all profile attributes are set. |
| Provision existing user | Domain unclaimed | Invitation is sent only. |
| Provision existing user | Domain claimed | Invitation is sent and all profile attributes are updated. |
| Update user profile | Domain unclaimed | No profile attributes are updated. |
| Update user profile | Domain claimed | All profile attributes can be updated. |
| Update user email | Regardless of domain | User email is updated. |
| Update user role | Regardless of domain | User role is updated. |
FAQs & Info
It shows me as a member. Why didn't my admin role sync to Otter?
For every IdP setup, there will be a step to assign the proper group to the admin role. Make sure the following has happened:
- You are assigned to the admin group in the IdP.
- During setup, make sure to assign the Roles to the groups.
- You can manage and configure roles at any time by navigating to Workspace → Settings → Directory Sync → Configure → Configure role assignment. Be sure to assign the correct users to the appropriate groups in your IdP.
How do I manage group role permissions and configurations?
You can manage and configure roles at any time by navigating to Workspace → Settings → Directory Sync → Configure → Configure role assignment. Be sure to assign the correct users to the appropriate groups in your IdP.
Syncing times will depend on your IdP.
How long does SCIM provisioning take to sync users?
Otter checks for new provisioning events every 5 minutes. During each cycle, the system processes up to 100 events per workspace. This helps ensure changes such as user creation, updates, or removals are handled efficiently.
However, the timing of these updates may also depend on your identity provider (IdP). Identity providers send provisioning events based on their own synchronization schedules.
For example:
- Okta typically sends provisioning updates immediately.
- Microsoft Entra ID may batch and sync updates approximately every 40 minutes.
Because of this, the time it takes for a change to appear in Otter can vary depending on how quickly your identity provider sends the update.
Workspace admin status
The workspace owner must remain in an active and valid state for Directory Sync provisioning to function properly. If the current workspace owner becomes inactive or needs to be changed, a new workspace owner in good standing should be assigned. Ensuring that an active owner is set allows user provisioning and directory synchronization to continue without interruption.
How can I tell if a user is managed by Directory Sync?
Users synced through Directory Sync will display an icon next to their name in the workspace member list. This icon indicates that the user is managed through Directory Sync and their account is provisioned and updated via Directory Sync.
Can I add members to my Otter workspace who are not managed through Directory Sync?
Yes. You can manually add members to your Otter workspace even if they are not managed through Directory Sync. However, these users must be manually managed for both provisioning and deprovisioning.
For the best experience and centralized user management, we recommend using Directory Sync whenever possible.
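
An access-review sketch for the mixed case described above, added here as an example and not taken from Otter: it compares IdP group assignments with a workspace member list and reports manually added accounts, role drift (such as an admin who synced as a member), managed accounts no longer assigned in the IdP, and assigned users absent from the workspace. The member-list fields (email, role, managed, active), the group keys and the rule that the Admin group wins over Member are assumptions; the page does not describe an export format.

```python
def expected_roles(idp_groups):
    """Expected Otter role per email. Assumption: Admin wins if a user is in both groups."""
    roles = {e.lower(): "Member" for e in idp_groups.get("Member", ())}
    roles.update({e.lower(): "Admin" for e in idp_groups.get("Admin", ())})
    return roles

def reconcile(idp_groups, otter_members):
    """Compare IdP assignments with the workspace member list and bucket the gaps."""
    expected = expected_roles(idp_groups)
    findings = {"unmanaged": [], "role_drift": [], "orphaned": [], "not_in_workspace": []}
    seen = set()
    for m in otter_members:
        email = m["email"].lower()
        seen.add(email)
        if not m["active"]:
            continue                                # deactivated accounts hold no access
        if not m["managed"]:
            findings["unmanaged"].append(email)     # must be offboarded by hand
        elif email not in expected:
            findings["orphaned"].append(email)      # deprovisioning has not landed
        elif m["role"] != expected[email]:
            findings["role_drift"].append(email)    # e.g. role never assigned to group
    findings["not_in_workspace"] = sorted(set(expected) - seen)
    return findings

# Constructed sample data (hypothetical export, reserved example.com domain).
IDP_GROUPS = {"Admin": {"ana@example.com"},
              "Member": {"ben@example.com", "dee@example.com"}}
OTTER_MEMBERS = [
    {"email": "ana@example.com", "role": "Member", "managed": True,  "active": True},
    {"email": "ben@example.com", "role": "Member", "managed": True,  "active": True},
    {"email": "cy@example.com",  "role": "Member", "managed": False, "active": True},
    {"email": "eli@example.com", "role": "Member", "managed": True,  "active": True},
]

if __name__ == "__main__":
    for bucket, emails in reconcile(IDP_GROUPS, OTTER_MEMBERS).items():
        print(f"{bucket}: {emails}")
```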
What happens if I delete my Directory?
This will remove synced users, groups, and settings from Otter.ai, but won't delete any users in your identity provider. This action cannot be undone. You will need to set up the IdP again to enable Directory Sync via SCIM.