SCIM and SSO for partner teams
Give your team enterprise sign-in and directory-driven provisioning — and know exactly where IT goes to set it up.
What you get
- SSO (single sign-on) — your team signs in to The Quantum Club with your company identity provider instead of separate passwords. Access policies you already enforce — MFA, device rules, session length — apply automatically.
- SCIM 2.0 provisioning — your identity provider creates, updates, and deactivates user accounts automatically. New hires get access on day one without an invite; leavers lose access the moment IT deactivates them, which is the part security teams care about most.
Supported identity providers for SCIM provisioning: Okta, Microsoft Entra ID, OneLogin, and Google Workspace.
Why teams turn this on
- Offboarding is enforced, not remembered. Deactivation in your directory deactivates platform access — no orphaned accounts holding candidate data.
- Group-based access. Map directory groups to platform access so team membership follows your org structure.
- Audit-ready. Provisioning actions are logged, which pairs with the partner audit log for compliance reviews.
Where to set it up
Setup is an IT-level task documented in the Platform section, including identity-provider-specific walkthroughs, token handling, and the supported SCIM filter syntax:
SSO setup
Connect your identity provider for single sign-on.
SCIM provisioning
Full SCIM 2.0 reference: endpoints, tokens, Okta, Entra ID, OneLogin, and Google Workspace.
Order matters
Set up SSO first, then layer SCIM provisioning on top. SSO controls how people sign in; SCIM controls which accounts exist. Most identity providers configure both from the same application entry.
Related
Greenhouse ATS sync
Connect Greenhouse once and stop reconciling by hand — candidates and pipeline updates stay consistent across both systems.
Webhooks for partner teams
Push hiring events to systems you control the moment they happen — dashboards, automation, warehouse feeds — with the full reference one link away.