Identity provider integrations
Sync users, groups, and sign-in activity from your company directory into Doow.
Use identity provider integrations when Doow needs to know who your users are, which apps they access, and when they last signed in.
Identity data is different from HRIS data. Identity providers show directory users, groups, and app sign-in activity. HRIS shows whether those users are employees, which department they belong to, and whether they have left the company.
Supported providers
Sync users, groups, and OAuth token activity from your Workspace domain.
Sync users, groups, and sign-in records from Microsoft Entra ID.
Sync users, groups, and sign-in activity from your Okta organization.
Sync users and login events from your OneLogin directory.
Sync users from your Zoho Directory.
When to use an identity provider
Connect an identity provider when Doow needs any of the following:
- A list of directory users and their email addresses.
- Sign-in activity that shows which apps each user accesses through SSO.
- Automatic app discovery based on who signs in to what.
- A user baseline to compare against HRIS records or usage data.
Use HRIS instead when Doow needs departments, managers, job titles, or employment status.
How identity connections work
When you connect an identity provider, you authorize Doow through OAuth or by providing API credentials. Doow does not receive your directory login password.
- Google Workspace, Microsoft 365, and Zoho use OAuth. You sign in with an admin account and approve read-only access on the provider's consent screen.
- Okta and OneLogin use client credentials. You create a dedicated API application in your provider, then paste the client ID and client secret into Doow.
After the initial sync, Doow refreshes user data daily and sign-in activity on a recurring schedule. Google and Okta also support real-time webhooks so Doow can receive sign-in events as they happen.
What Doow reads from identity providers
| Field | Description |
|---|---|
| Users | Name, work email, account status, and provider-specific profile fields |
| Groups | Group names and memberships where the provider exposes them |
| Sign-in activity | App sign-in events, timestamps, IP addresses, and app names |
| Organization | Domain or tenant identifier used to scope records to your company |
Zoho Directory does not expose sign-in activity to Doow. If you need app sign-in data alongside Zoho users, connect a usage source separately.
What Doow does not read
- Passwords, MFA factors, or authentication secrets
- Email content, calendar events, messages, or file contents
- Salary, payroll, or financial data
- Data outside the approved directory and audit scopes
How Doow uses identity data
App discovery: When a user signs in to an app through SSO, Doow sees that sign-in event and adds the app to your organization's app inventory automatically. You do not need to add apps manually.
User matching: Doow uses the work email from your identity provider to match directory users against HRIS employees and usage records from other sources.
Seat tracking: Each unique user who signs in to an app counts as an active seat. Doow tracks active user counts per app so you can see utilization.
Confirm the sync worked
After connecting, open the integration detail page from Company Settings, then Integrations. A healthy identity sync shows a connected state, a recent sync timestamp, and imported user records.
If the connection succeeds but no users appear, verify that the admin account or API credentials belong to the intended directory and have the required read permissions.
Disconnecting
Go to Company Settings, then Integrations, find your identity provider, and select Disconnect. Doow deletes the stored authorization or credentials immediately. Revoke or remove the Doow application in your identity provider when you want to remove provider-side access too.
Next steps
Open the setup guide for your identity provider:
After users appear, connect HRIS if Doow needs department, manager, or employment status. Connect a usage source when Doow needs to compare directory access against actual app usage.