Identity providers
Connect HomeBase to your identity provider for unified user inventory, sign-in risk monitoring, and automated response (account disable, session revocation, MFA enforcement).
Supported providers
| Name | Type | Required | Description |
|---|---|---|---|
| Azure AD / Entra ID | IdP | No | OAuth 2.0 + Microsoft Graph. See the Azure integration guide. |
| Okta | IdP | No | Okta API token + System Log streaming. |
| Google Workspace | IdP | No | OAuth 2.0 + Directory API + Reports API. |
| JumpCloud | IdP | No | JumpCloud API key + Event Streaming. |
| Generic SAML | protocol | No | Read-only attribute assertion mapping for SSO. |
| SCIM 2.0 | protocol | No | Bidirectional user provisioning and deprovisioning. |
Okta setup
1. Create an Okta API token
In your Okta Admin Console, go to Security → API → Tokens → Create Token. Name it HLD HomeBase. Copy the token value.
2. Enable System Log streaming (recommended)
For near-real-time event delivery, configure Okta Event Hooks to push to HLD:
```bash
# HLD Okta event hook endpoint
POST https://ingest.hldgroup.org/v1/idp/okta?tenant_id=ten_01hxyz&token=INGEST_TOKEN
```
3. Register the integration
```bash
POST /v1/integrations
{
  "type": "okta",
  "tenant_id": "ten_01hxyz",
  "credentials": {
    "domain": "yourcompany.okta.com",
    "api_token": "your-okta-api-token"
  },
  "config": {
    "ingest_users": true,
    "ingest_system_log": true,
    "enable_response_actions": true
  }
}
```
Note: Setting enable_response_actions: true allows HomeBase and Sentinel to disable accounts and revoke sessions in Okta directly via the API. Response actions require the API token to have Super Administrator privileges; read-only ingestion needs at minimum Read-Only Administrator.
SCIM provisioning
HomeBase exposes a SCIM 2.0 endpoint for bidirectional user sync. Configure your IdP to use:
```bash
# SCIM base URL
https://api.hldgroup.org/v1/scim/v2
# Bearer token (generate in HomeBase → Settings → SCIM)
Authorization: Bearer hld_scim_xxxxxxxxxxxxxxxxxxxx
```
Supported SCIM operations: GET /Users, POST /Users, PATCH /Users/:id, DELETE /Users/:id, GET /Groups.
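The following is an added example, not HomeBase's own code: it builds the deprovisioning requests for the PATCH /Users/:id and DELETE /Users/:id operations listed above, using the standard RFC 7644 PatchOp body. The HLD_SCIM_TOKEN variable name and the user id are hypothetical, and it is an assumption that HomeBase treats active=false as a soft deprovision.

```python
import json
import os
import urllib.parse
import urllib.request

SCIM_BASE = "https://api.hldgroup.org/v1/scim/v2"  # base URL from this page
PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644


def _auth_headers(token):
    # Reject empty tokens and any whitespace (CR/LF would allow header injection).
    if not token or any(c.isspace() for c in token):
        raise ValueError("SCIM bearer token is missing or malformed")
    return {"Authorization": f"Bearer {token}",
            "Accept": "application/scim+json"}


def _user_url(user_id):
    # Percent-encode the id so '/' or '?' in it cannot change the request path.
    return f"{SCIM_BASE}/Users/{urllib.parse.quote(user_id, safe='')}"


def build_deactivate_request(user_id, token):
    """PATCH /Users/:id setting active=false (assumed soft deprovision)."""
    body = {
        "schemas": [PATCH_OP_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }
    headers = _auth_headers(token)
    headers["Content-Type"] = "application/scim+json"
    return urllib.request.Request(
        _user_url(user_id), data=json.dumps(body).encode("utf-8"),
        headers=headers, method="PATCH")


def build_delete_request(user_id, token):
    """DELETE /Users/:id (hard deprovision)."""
    return urllib.request.Request(
        _user_url(user_id), headers=_auth_headers(token), method="DELETE")


if __name__ == "__main__":
    # Hypothetical env var name; the fallback token and user id are constructed.
    token = os.environ.get("HLD_SCIM_TOKEN", "hld_scim_example")
    req = build_deactivate_request("usr_example_123", token)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # To send for real: urllib.request.urlopen(req, timeout=10)
```

Nothing is sent unless the request is passed to urllib.request.urlopen, so the output can be reviewed before it touches a live tenant.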