Group Provisioning

Group provisioning lets you sync user groups from your authentication provider (e.g. Okta, OneLogin, AzureAD) with user groups in Slite.
This ensures that permissions stay up to date automatically when members are added or removed — saving time and reducing errors.
This feature is part of the Premium and Enterprise plans. See  our plans and pricing .

What It Does

When group provisioning is enabled:
  • Slite  User Groups  sync with your OAuth groups
  • Users added to your identity provider group will be automatically added to the linked Slite group
  • Users removed from your identity provider group will be automatically removed from the Slite group
Like with  User Provisioning  , Slite supports JIT (Just-In-Time) group provisioning.
Providers like Okta, OneLogin and AzureAD are fully supported, but any provider supporting the groups scope should be compatible with this feature.

How to Set Up Group Provisioning

Step one: Configure Your OAuth Provider

In your Slite app settings, within your SSO Provider account, ensure that the following tokens are configured:
  • Token configuration
  • OpenID Connect ID Connect

AzureAD Example



Okta Example

Step two: Verify OAuth (OpenID) Provider Compatibility

If your OAuth provider supports the groups scope that you've set up with them in the previous section, and is configured to send groups to Slite application, you should be able to see your current OAuth user group.
To do so:
    Click your workspace logo in the top-left corner.
    Select Settings from the menu, then stay in the My settings section.
    Scroll all the way down and click Open Debug panel .
    You should see your OAuth group listed

Step three: Enable Group Sync in Slite

Group provisioning is setup under the  User Groups  you have created in Slite:
    Click your workspace logo in the top-left corner.
    Select Settings from the menu, then go to the User groups section.
    Choose the group you want to automatically provision, and click Enable synchronization.
    A new text box will appear, allowing you to indicate the names of the OAuth groups you want to sync with the selected Slite user group.
    Copy the names of the groups from your OAuth provider and paste them in the text box, separated with a comma (e.g, usa-sales,europe-sales).
Once the sync occurs, any Slite users who aren't members of the OAuth group will be removed from the Slite group.
Users who are members of the OAuth group but not the Slite group will be added to it.

When Do Groups Sync?

The groups are synchronized when any of the following actions occurs:
  • The user signs in
  • The user's token refreshes (every hour by default)
  • The user manually clicks Refresh on their profile within Slite