HintMint
Enterprise

Directory Sync

Automate user provisioning and deprovisioning with SCIM-based directory sync. Connect your identity provider to keep your HintMint workspace in sync with your organization.

Overview

HintMint supports the SCIM 2.0 protocol for automatic directory synchronization. When a team member joins or leaves your organization, their HintMint account is created or deactivated automatically — no manual intervention required.

Directory Sync is available on the Enterprise plan. Contact your account manager to enable SCIM provisioning for your workspace.

Supported Identity Providers

HintMint integrates with the most widely adopted identity providers out of the box. Each integration supports SCIM 2.0 provisioning and SAML-based SSO.

  • Okta -- full SCIM 2.0 support with pre-built app catalog integration
  • Microsoft Entra ID (Azure AD) -- enterprise application gallery listing with automated provisioning
  • Google Workspace -- directory sync via Google Cloud Identity SCIM connector
  • OneLogin -- SCIM provisioning with real-time event hooks for instant sync
If your identity provider supports SCIM 2.0 but is not listed above, you can configure it using HintMint's generic SCIM endpoint. Reach out to support for setup assistance.

Setting Up Directory Sync

Prerequisites

  • An active HintMint Enterprise subscription
  • Admin or Owner role in your HintMint workspace
  • Admin access to your identity provider
  • SSO configured and verified for your workspace

Configuration Steps

1

Open the Admin Console

Navigate to Settings > Enterprise > Directory Sync in your HintMint admin console.

2

Select your identity provider

Choose your IdP from the list of supported providers. HintMint will generate a unique SCIM endpoint URL and bearer token for your workspace.

3

Configure your IdP

Copy the SCIM endpoint URL and bearer token into your identity provider's provisioning settings. Enable provisioning and assign the HintMint application to the appropriate users and groups.

4

Test the connection

Use the 'Test Connection' button in HintMint to verify SCIM connectivity. Your IdP should confirm a successful provisioning handshake.

5

Enable sync

Toggle directory sync to active. HintMint will perform an initial full sync of all assigned users and groups.

Automatic Provisioning & Deprovisioning

Once directory sync is active, HintMint automatically manages the full user lifecycle based on changes in your identity provider.

User Provisioning

When a new user is assigned to the HintMint application in your IdP, a HintMint account is created automatically. The user receives a welcome email and can sign in via SSO immediately. Their profile attributes — name, email, department, and job title — are populated from the directory.

User Deprovisioning

When a user is unassigned or deactivated in your IdP, their HintMint account is suspended. Suspended accounts retain all meeting data and notes for compliance purposes but cannot sign in or consume a license seat.

Deprovisioned users' data is retained for 90 days by default. After this retention period, data is permanently deleted unless a custom retention policy is configured for your workspace.

Group Mapping

Map identity provider groups to HintMint teams and roles to enforce consistent access controls across your organization.

  • Map IdP groups to HintMint teams for automatic team membership
  • Assign default roles per group -- new members inherit the group's role automatically
  • Nested group support -- child groups inherit parent mappings unless overridden
  • Multi-group membership -- users in multiple groups receive the highest-privilege role
Group mappings are evaluated on every sync cycle. Changing a user's group membership in your IdP will update their HintMint team and role on the next sync.

Sync Frequency

HintMint supports both scheduled and real-time directory synchronization depending on your identity provider's capabilities.

Scheduled Sync

By default, HintMint polls your identity provider every 40 minutes for changes. You can adjust the sync interval to anywhere between 15 minutes and 24 hours from the Admin Console.

Real-Time Sync

Identity providers that support SCIM event hooks (such as Okta and OneLogin) can push changes to HintMint in real time. When real-time sync is enabled, user and group changes are reflected within seconds.

Manual Sync

Admins can trigger a full directory sync at any time from Settings > Enterprise > Directory Sync by clicking the "Sync Now" button. This is useful after bulk changes in your IdP.

Troubleshooting Sync Issues

If directory sync is not working as expected, review the following common scenarios and resolutions.

Users not appearing after sync

  • Verify the user is assigned to the HintMint application in your IdP
  • Check that the user's email matches the expected domain for your workspace
  • Confirm the SCIM bearer token has not expired or been rotated
  • Review the sync log in Admin Console > Directory Sync > Activity for error details

Users not deprovisioned

  • Ensure the user was unassigned from the HintMint application, not just disabled in the IdP directory
  • Check that your IdP is sending SCIM deactivation events (some providers require explicit configuration)
  • Trigger a manual sync and review the activity log for any skipped operations

Group mappings not applied

  • Confirm the IdP group is provisioned to HintMint (groups must be pushed, not just assigned)
  • Verify the group mapping configuration in Admin Console > Directory Sync > Group Mapping
  • Check for naming conflicts -- if an IdP group name matches an existing HintMint team, the mapping must be resolved manually
All directory sync events are logged in the audit log. Navigate to Admin Console > Audit Log and filter by "Directory Sync" to review provisioning activity and errors.

Related Resources

Role Management

Configure roles and permissions for provisioned users

CRM & ATS Integrations

Connect synced users to your CRM and ATS workflows