--- title: "Integrating Duo for Provisioning" slug: "integrating-duo-for-provisioning" updated: 2026-04-15T06:40:30Z published: 2026-04-29T10:55:34Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.britive.com/llms.txt > Use this file to discover all available pages before exploring further. # Integrating Duo for Provisioning As a best practice, Britive suggests granting access to Britive profiles via groups. For more information, see [Group Sync with SCIM](/v1/docs/group-sync-with-scim). ### Configuring an Identity Provider on Britive An identity provider needs to be created in Britive for SSO. 1. Log in to the Britive application with administrator privileges. 2. Click on **System admin**->**Identity Management** from the navigation menu. 3. Click on the **Identity Providers** tab. 4. Click on the **Add Identity Provider** button. 5. Enter name and description. 6. Select **Identity Provider Type** as SAML. 7. Click **Add**. A configuration page is displayed. ### Configuring Provisioning on Britive 1. Copy the **SCIM URL** and note it down. This URL is entered later to configure on the identity provider portal. 2. Click on the **Edit** button under **Additional Settings**in the **SCIM** tab. 1. Select **the Allow tag name and description to be editable** option to allow editing of tags for externally managed tags. 3. Click on the **Edit** icon under **SCIM Provider** in the **SCIM** tab. 1. Select **Generic** from the drop-down list for configuring an identity provider. 2. Save the changes by clicking the icon next to the selection. 3. Click on **Create Token**. 4. Enter the validity of the token and create a token. Copy this generated token and note it down. Click **OK**. This token is not displayed again. This token is entered later on the identity provider portal. 5. Click on the **Recreate token**button to generate a new token, if needed. 6. Click on **Edit token validity**to update the validity. 4. Map the incoming attributes using the procedure explained in **User mapping**. #### User mapping After provisioning, by default, seven attributes from the identity provider are mapped to a Britive user. You can see the mapped attributes by checking the **Mapped Attributes** checkbox in the **User Mapping** section. Out of these attributes, *Status*, *Email*, *First Name*, *Last Name*, and *Username* are mandatory attributes. The identity provider must send these attributes for the user to be created in Britive. Additional user attributes from the identity provider can be configured in Britive. Follow these steps to map additional attributes: 1. Select **System admin**-> **Identity Management** from the navigation menu. 2. Click on the **Identity Attributes** tab. 3. Create a new attribute by clicking the **Add Identity Attribute** button. 4. Enter the following values on the **Add Identity Attribute**page: 1. Enter the name and description of the attribute. 2. Select the type of attribute from the drop-down list. 3. Check **Multi valued** field for attributes that can have multiple values. For example, user roles. 4. Click **Add**. The created attribute is displayed in the list of identity attributes. 5. Click the **Identity Providers** tab. 6. Select the identity provider and click on the **SCIM** tab. 7. Uncheck the **Mapped Attributes** checkbox to see the list of unmapped attributes. 8. Click **Edit**. 9. Map the identity attribute with the incoming SCIM attribute. 10. To add custom attributes, please select the identity attribute and type the name of the custom attribute as defined in the IDP. 11. Click **Save**. ## Configuring Provisioning on Duo 1. Log in to the [Duo Admin Portal](https://admin.duosecurity.com/login?next=%2F). 2. From the portal menu, navigate to **Applications** and search for the Britive application that has already been created, or create a new one based on the steps outlined earlier. 3. Configure SCIM provisioning: 1. Navigate to the **Provisioning** tab. 2. Select the authentication mode as **Bearer Token**. 3. Enter the following values: 1. Enter the Britive SCIM URL into the **Base URL** field. 2. Enter the SCIM token generated from Britive into the **Token** field. 4. Click on **Connect to application** to test the connection. If the connection is successful, save the configuration. If not, review the settings and try again. 4. Make sure the **User access** option is configured on the **Single Sign-on** tab. For more information, see [User access to applications](https://duo.com/docs/protecting-applications#user-access). For more information about provisioning on Duo, see [Automated Provisioning](https://duo.com/docs/automated-provisioning).