Table of Contents
Authentication, SSO, & SCIM - Start Here
Use this hub to understand how authentication works in LinearB, choose your SSO provider, configure SCIM provisioning (Okta only), and manage or disable identity integrations. This page links to all…
Use this hub to understand how authentication works in LinearB, choose your SSO provider, configure SCIM provisioning (Okta only), and manage or disable identity integrations. This page links to all configuration guides.
Note: SSO and SCIM are not enabled by default. Please contact LinearB Support to enable these features for your organization.
Overview
LinearB supports:
- SAML 2.0 SSO with:
- Okta
- Google Workspace (GSuite)
- Azure AD / Microsoft Entra
- SCIM Provisioning (Okta only)
SSO centralizes authentication and improves security. SCIM automates user lifecycle (create, update, deactivate).
Where to configure:
All authentication settings live under
Settings → Authentication / SSO
Who can configure:
LinearB Admins only.
Choosing an SSO Provider
Use the provider your organization already uses for identity and access management.
- Okta — recommended for organizations needing both SAML SSO and SCIM provisioning.
- Google Workspace — easy to set up and ideal for teams using Google Identity.
- Azure AD / Entra — best for Microsoft-centric organizations.
If you already use one of these IdPs for other internal apps, you should configure SSO for LinearB to streamline onboarding.
SSO Setup Guides
- Configuring SAML SSO with Okta
- Configuring SAML SSO with Google Workspace
- Configuring SAML SSO with Microsoft Entra (formerly Azure AD)
Each provider guide includes steps for:
- Setting up a SAML application
- Configuring the Entity ID & ACS URL
- Adding the X.509 certificate
- Assigning users
- Testing & enforcing SSO
SCIM Provisioning (Okta Only)
What SCIM does
- Automatically provisions new LinearB users
- Updates user profile attributes
- Deactivates LinearB users when deactivated in Okta
- Keeps identity data centralized and consistent
Guide:
Note: SCIM is supported only with Okta. Microsoft Entra and Google do not support SCIM provisioning for LinearB.
Enforcing SSO for your LinearB Organization
You can require all users to authenticate through your identity provider.
Steps:
- Go to Settings → Authentication / SSO.
- Enable the toggle “Require SSO for all users”.
- Save your settings.
After enforcement:
- Users must sign in via your SSO provider only.
- Email/password login will be disabled.
- New users must be added via your IdP (or SCIM, if using Okta).
How to Disable SSO
When would you disable SSO?
- Changing identity providers
- Testing a new SSO configuration
- Restoring access for users locked out of the IdP
Steps to disable SSO:
- Go to Settings → SSO.
- Turn off the SAML Authentication toggle.
- If enforced, uncheck the Require SSO option.
- Save your settings.
Result: Users can again log in with email + password, and SSO logins will no longer be required.
How to Disable SCIM Provisioning (Okta)
When would you disable SCIM?
- Switching identity providers
- Stopping automated user lifecycle management
- Debugging unexpected provisioning changes
Steps in Okta:
- Open the LinearB Okta application.
- Go to the Provisioning tab.
- Under Integration, click Edit.
- Disable API Integration.
- Save your settings.
Steps in LinearB:
- Go to Settings → SCIM .
- Revoke the SCIM token (optional but recommended).
Result: Okta will no longer create, update, or deactivate LinearB users via SCIM. Existing LinearB users remain unchanged.
FAQs
Can I configure SSO with multiple providers?
No — LinearB supports one SAML SSO provider at a time.
Do new SSO users get a default role?
Yes, new users created through SSO or SCIM begin as Viewer.
Does disabling SSO remove user accounts?
No — it only changes how users authenticate.
Does SCIM assign users to Teams?
No — team membership is managed inside LinearB.
Next steps:
How did we do?
Setup Guide - Google Workspace (GSuite) SAML SSO
