Overview

The Secret Token and Tenant URL (Company Key) are essential credentials for securing your SCIM integration with MyCompliance. They act as digital keys, ensuring only authorised systems can access your provisioning endpoints.

What Are They?

• Secret Token: A unique, system-generated key used to authenticate requests from your SCIM provisioning app.
• Tenant URL: A unique URL that identifies your organisation within MyCompliance.

Why They Matter

These credentials prevent unauthorised access to sensitive data and help you comply with internal security policies.

How to Generate Them

1. Navigate to Settings > Company Edit > User Provisioning > SCIM Integration Security.
2. Click Generate Token & URL.
3. Copy both the Secret Token and Tenant URL. (Only copy the relevant URL if you use Entra ID or OKTA.)
4. Enter these details into your SCIM provisioning app settings.
5. Use Refresh Token to rotate credentials for added security. Once refreshed, the Refresh Token button will be disabled and will not be able to be refreshed for another 7 days.

Important: Token Refresh Behaviour

When you refresh your Secret Token:

• The new token becomes active immediately.
• The old token will remain valid for 7 days to allow a smooth switchover and prevent disruption in user provisioning.
• After 7 days, the old token will expire and no longer work.

Best Practice

• Store your token securely.
• Rotate tokens periodically or if you suspect compromise.
• Update your SCIM app with the new token promptly after refreshing.

For more information on setting up SCIM integration, please see:

• Microsoft Entra ID SCIM Auto User Provisioning Integration
• SCIM - Okta Configuration