IdenIden Docs
Iden Platform GuideApps & Integrations

Connecting an App

How to connect applications to Iden using OAuth, Warp, or API/SCIM.

Iden can connect to virtually any SaaS application (cloud-based software tool) your organization uses. This page explains the three connection methods and what to expect after connecting. For the full step-by-step walkthrough, see the Connecting Your First App guide.

Connection types

OAuth

OAuth is the most common way to connect an app. Iden redirects you to the app's own login page, where you authorize the connection using your admin account. OAuth is a secure sign-in handshake - your password is never stored by Iden. Iden only keeps a short-lived access token (a temporary key) that lets it read user data.

Examples: Slack, GitHub, Google Workspace, Salesforce, Microsoft / Azure AD, HubSpot, Zoom, GitLab, Asana, Trello, Dropbox, Box, Zendesk, Smartsheet, and 25+ more.

What Iden syncs: Users, groups, roles, and licenses (depending on what the app makes available).

Warp (browser-based)

For apps that do not offer an API or OAuth option, Iden uses Warp. Warp opens a secure remote browser session and connects to the app's website on your behalf. You do not share your credentials with Iden. Iden interacts with the app's web interface directly, just as a person would.

Examples: Any web-based application without a public API.

Two modes to choose from:

ModeBest for
CloudTeams who want always-on syncing. Iden uses a private cloud server dedicated to your organization. Works from any device.
On DeviceTeams who prefer the browser session to run on their own machine. Note: syncing pauses when the device is offline.

API / SCIM

Some apps support direct connections using a token or API key (a special password for software-to-software connections) that you generate inside the app. SCIM (System for Cross-domain Identity Management) is an industry-standard method for syncing user accounts automatically.

Examples: LDAP (a directory service for managing user accounts), and apps with SCIM provisioning endpoints.

What Iden syncs: Users and groups, using the SCIM standard or the app's own API.

Connecting an app step by step

See the Connecting Your First App guide for the full walkthrough. The steps are the same for every app, regardless of connection type.

After connecting

Once connected, Iden runs an initial sync to pull in all existing users and their access. Depending on the app and how many users it has, this can take anywhere from a few seconds to a few minutes.

You can check the sync status from the app's detail page in Connected Apps. The status badge will show Active once the initial sync is complete.

If a connection expires later (for example, OAuth access tokens can expire, or browser sessions may time out), the app's row will show a "Connection expired" warning and a red Reconnect button. Click it and follow the same connection steps to restore the sync.

The screen below shows what an active connection and an expired connection look like:

Connected Apps page showing Active status badge and Connection expired with Reconnect button

Connecting multiple accounts of the same app

You can connect more than one account of the same app. For example, you might have two separate GitHub organizations or two Salesforce environments.

During the connection setup, give each one a distinct display name so you can tell them apart on the Connected Apps page.

Example: GitHub - Engineering Org and GitHub - Acquisition Org

Overview

Connect, configure, and manage applications in Iden.

App Settings

Configure alerts, ownership, approval routing, workflows, offboarding, and more for each connected app.

On this page

Connection typesOAuthWarp (browser-based)API / SCIMConnecting an app step by stepAfter connectingConnecting multiple accounts of the same app