Most companies have some sort of internal system that tracks all of their employees & the department or division where they work. Commonly these are referred to as Human Resource Information Systems (HRIS) or Identity Provider (IdP) systems.

Directory Sync is a feature that allows an organization to easily sync all of their HRIS data with other applications or software. There’s a couple distinct technologies that fall under the umbrella of the Directory Sync product but at the core is a technology standard called System for Cross-domain Identity Management or SCIM. You’ll often see it written with the version of the standard e.g. SCIM 1.1 or SCIM 2.0.

When setting up a new app or system for use within a company, inevitably there comes a point where all of the users need to be invited. This is really simple if there are only 10 people; less so when it’s 100, and progressively gets more difficult.

Did everyone accept the invite and set up their account?

Are all the names/emails/team/roles/etc. correct?

What about when someone leaves an organization?

Some poor administrator will need to go through a list of all a company's apps and make sure the departed employee’s access is revoked.

In applications where accurate team assignments are critical to the functionality of the app (like Tactic!) things get even more complicated. Instead of relying upon manual intervention by an admin or relying upon individual employees to make timely updates, Directory Sync provides an automated mechanism where all of the changes discussed above are handled automatically and within seconds of the data being updated.

Directory Sync is built with one single purpose in mind: to make an admin’s life easier.

To set up Directory Sync, an organization will need three things:

🚧 Since Directory Sync & SSO are typically set up together, the enterprise URL's are nearly, in almost all cases the URL's that you want to be forwarded to your authentication provider. See our Single Sign-On article for more details.

💡 Note: If you do not see your provider, don’t worry. You may still be able to set up Directory Sync via the generic “SCIM 1.1” or “SCIM 2.0” options. You will need to check if your provider allows for generic SCIM connections. If so, you can use those options.

Once Directory Sync has been set up, there should now be users & teams populated within the Tactic app. Sometimes the initial import process can take a few hours to finish, depending both on the volume of records and the constraints of the HRIS system. In most cases, it will only take a few minutes.

After confirming all users & accounts have accurately been synced to Tactic, it’s time to finish any desk or office assignments, start creating recurring meetings with teams invited as attendees, or any other setup tasks that require accurate user & team information.

We’re always adding new providers but currently the list includes:

First and foremost, send an email to [email protected] so we can get it added to our product roadmap! Also, that's why the "SCIM 1.1" and "SCIM 2.0" options are on the list. If your provider has SCIM compliant endpoint, you can use those options (use 2.0, if available) for the setup and it still should work. If you're seeing any funny business, again please reach out and someone on our team will try to help.

It is possible to use Directory Sync without SSO but we highly recommend using them together. We purposefully try to make both SSO and Directory Sync affordable since it makes everyone’s experience with Tactic better. If you use Directory Sync without SSO, essentially it will allow for up-to-date information but onboarding will still be a bit of a hurdle.

You will need to contact your Tactic customer success manager or work with the Tactic support team to coordinate a welcome email that will allow each employee to claim their pre-created account.

The alternative to a welcome email is asking all employees to trigger an email reset via the “Forgot my password” link on the login page. Additionally, if the employee's email address is updated within the HRIS system, you will need to create a support ticket to have the email used for the user’s email login to be changed as well.

Once you’ve set up the SCIM connection between Tactic and your Identity Provider System (IdP) or HRIS, updates are sent to a Tactic API endpoint by your IdP every time there is a registered change. These updates are processed by Tactic and reflected within your account as quickly as we receive them.

This will vary depending on the system you’re trying to sync with but generally SCIM endpoints are fairly well documented by each respective IdP. If you have questions specifically about what is required for your specific system, typically the best place to start is your IdP system’s documentation.