Skip to main content
All CollectionsAppsDirectory
Delinea App (fka Centrify)
Delinea App (fka Centrify)

Learn more about Delinea employee provisioning and single sign-on application and how it can sync employees into your Envoy directory.

Updated over a week ago

How does this application work?

If your team uses Delinea for employee provisioning, you can use this app to automatically keep your Envoy employee directory up to date. The SCIM push-based system treats the Delinea directory as your source of truth. When changes are made in Delinea, they push immediately to Envoy, so you don’t have to worry about the Envoy employee directory being out of sync.

Note: You can manually create new employees or add employees from other locations while maintaining your directory sync. This feature is helpful for contractors, temps or other people who may host visitors/receive deliveries but are not core team members. Learn more about manually adding employees.

Enabling the Envoy + Delinea app

Note: You’ll need to have Delinea admin privileges to complete this installation. Either become an admin or ask your admin for help before completing these steps:

Step one: Prepare to enable the Envoy + Delinea employee provisioning app (with SCIM)

  1. Decide whether you’d like to sync all users to all locations or sync specific users per location. This will impact how you set up the app.

Step two: Enable the Envoy + Delinea Application

  1. Go to your Apps page.

  2. Navigate to Directory and SSO, select "Directory Settings," find Delinea and click “Install.”

Step three: Choose an employee sync filter

  1. After install, you have two options on how to sync employees to your directory. Choose the one that’s right for you:

    1. Sync all employees: This is good for companies with one location, or if you prefer to have the same master Envoy employee directory at all locations within your company.

    2. Sync specific employees per location: Choose this option if you’d like to sync certain employees to certain locations (i.e., creating different Envoy employee directories per location).

      1. You can filter employees by location in Envoy based on available filters like “City”. If your Delinea account does not currently have City as a field, you will need to add it as a Custom Field. Then you’ll need to manually map all users to the City field.

      2. To sync users per location, you’ll have to select “Sync specific users per location” in your Envoy dashboard.

Step four: Configure Delinea for SSO

  1. In your Delinea account, add a new custom app.

  2. Navigate to Service Provider Configuration in your custom app under SAML Response.

  3. Fill in the Single Sign-on instructions like the following and click Save: 

  4. Navigate to Account Mapping and configure like the following: 

  5. Back in the Envoy SAML configuration section, please insert your SSO fingerprint (calculated from your X.509 certificate) and identity provider SAML URL, then save.

Step five: Configure Delinea for SCIM directory syncing

Note: SSO configuration required for SCIM.

  1. In the Envoy dashboard, navigate to the Apps page. Under installed apps, click configure on Delinea and copy the OAuth Bearer Token.

  2. In your Delinea account, navigate to Provisioning, and paste the Bearer Token.

  3. Configure your provisioning tab like the following:

    1. SCIM URL: https://app.envoy.com/scim/v2

  4. Once complete, click on “Verify”

  5. In the "Role Mappings" section be sure to set up the Envoy Role as "User"

  6. Navigate back to the Envoy Employee directory > All employees and refresh. Your employees should be syncing. (This could take a few hours for the initial sync.)

Important notes

A few notes on SCIM

  • The SCIM standard enables advanced provisioning in order to automate user lifecycle management for an application, including account creation, profile updates, authorization settings, and account deactivation.

Regarding adding employees

  • When updating or adding employees, Envoy will match based on the primary email address listed for the Delinea user. If the existing primary email address is not found in Envoy, a new employee record will be created for an existing employee to the Envoy employee directory.

Regarding employee contact information

  • The primary email address and phone number listed in Delinea will be the email address and phone number listed in the Envoy employee directory. If a user does not have a primary email address in their Delinea profile, they will not be synced to the Envoy employee directory.

Regarding assistants

  • If you plan to assign assistants manually within the web dashboard, please reach out to Envoy Support prior to setting up SCIM syncing to configure this on your account.

Related Articles
Google Workspace App
Okta
Microsoft Entra ID Integration
OneLogin
Rippling
Did this answer your question?