Skip to main content

Documentation Index

Fetch the complete documentation index at: https://ona.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Available on the Enterprise plan. Contact sales to learn more.
When enabled, only users provisioned via SCIM can access the organization. Users attempting to sign in via SSO without a SCIM-provisioned account are blocked. Useful when:
  • Centralizing account lifecycle management in your identity provider
  • Ensuring every user in the organization has a corresponding directory entry
  • Preventing access from users outside your provisioned scope, even if they can authenticate via SSO

Prerequisites

The toggle is disabled until SCIM provisioning is configured and enabled.

Configuration

  1. Go to Settings → Organization → Policies
  2. Toggle Restrict Account Creation to SCIM
Changes take effect immediately for new sign-in attempts. Existing members are not removed.

Effect on users

User typeBehavior
SCIM-provisioned usersSign in normally via the linked SSO provider
Non-provisioned users (SSO only)Blocked from creating an account or joining the organization
Existing membersRetain access; remove via your IdP or by deactivating the user
Before enabling, confirm that all users who need access are in scope of your SCIM provisioning. Users outside the provisioning scope will lose the ability to sign in to a new account, even with valid SSO credentials.