General
This page contains company-wide settings that are applied to all projects.
Basics
This page section contains information about the company:
Company name
The company name displayed in the upper left corner of the Asset Hub, unless a project logo has been uploaded under Branding
Default language
When a language is selected, it will be shown by default to all users.
Please note that each user can change it individually through the settings in My Account.
Session Timeout
This is the default session timeout, which logs out the user after a certain amount of time after the last activity was made.
Access management
In this section, the company-wide security settings can be specified.
Multi-factor authentication
Enable or disable MFA for the entire company. The MFA code will be sent via their phone or email. Please note that MFA is bypassed if SSO is enabled.
Single sign-on (SSO)
Configure SAMLv2-based SSO to enable users to access the Asset Hub using SSO via an Identity Provider (IdP). You will still need to create the users in Scaleflex DAM before they will be able to login via SSO.
SCIM Provisioning
Configure SCIM (System for Cross-domain Identity Management) provisioning to provision users and teams automatically from your identity provider such as Okta or Microsoft EntraID.
SSO
Configure SSO so that users can log in with their corporate credentials (such as Active Directory, Okta, or Azure AD / Entra ID) into Scaleflex DAM.
An Identity Provider supporting SAMLv2 is required.
To configure SAMLv2-based SSO, click on the Add SSO connection button. Any Identity Provider supporting the SAMLv2 protocol is supported.
After saving the SSO connection, every user attempting to log in with an email address from the domain configured in Step 3 will be redirected to the configured Identity Provider and automatically logged into the Asset Hub if an active SAMLv2 session is enabled.
SCIM provisioning
SAML SSO is requried for enabling SCIM provisioning as users will not have a local password in the VXP and will authenticate against your organization's identity provider.
Once SSO is configured, a SCIM token can be generated to setup SCIM (System for Cross-domain Identity Management) provisioning and automatically manage the users' and teams' lifecycle from your identity provider, such as Okta, EntraID or any other IAM solution supporting SCIM. Team memberships are also synced in this way and you can assign a default user profile to each team. Click on Generate to generate a SCIM token and use it to configure SCIM with your identity provider.
Generating a SCIM token will override any previously generated SCIM token and you will need to update it in your identity provider for SCIM to continue working.
Use the SCIM token and https://hub.scaleflex.com/api/scim/v2 as SCIM 2.0 base URL / endpoint to configure SCIM provisioning with Scaleflex:
Okta
Microsoft EntraID
Once the connection is successfully configured, following steps are recommended:
Create 1 group per target user profile, e.g. VXP Viewer, VXP Contributor, VXP Developer, ... in your identity provider
Push groups to create VXP teams, the team will be automatically created as a SCIM Team in the VXP
Map the team to a project and a user profile (custom user profiles are supported) in the VXP
Add users to the group in the identity provider
Users will be automatically created in the VXP. They receive a welcome email to activate their account.
Notes:
Company-level teams are not supported - it's one team <> one project
Moving a user from a group to another in the identity provider will automatically be reflected in the team membership and user profile in the VXP for this user
Editing SCIM teams and users in the VXP is not available: the source of truth for user and team attributes is always the identity provider
SCIM users / teams can co-exist with local VXP users and teams
Un-assigning or deactivating an user in the identity provider will remove the user from the corresponding VXP teams and set her as inactive. The user is however not deleted.
If an user is member of multiple groups / teams assigned to different profiles, she will be assigned with the user profile having the largest set of permissions
SCIM teams can be used as part of accesses to manage folder and asset accesses centrally from your identity provider through SCIM
Terms and conditions (T & Cs)
Prompt new users to accept the company's T & Cs on first login
Enable or disable the requirement for users to accept the customizable T&Cs upon first login
T & Cs text
The custom text or HTML to display to users on their first login. Supports multiple languages.
Force all users to accept the new T & Cs
Modifying the content of the Ts & Cs will create a new version. Enabling this setting will force users who have already accepted the previous version to accept the updated version upon their next login.
Last updated