Management

Company Settings

On the company page of the Descope console, you can manage company-level settings, Descopers and their permissions, management keys, projects, and usage.

Settings

Within the Settings tab, the following can be configured:

General

  • The Company Name.
  • The Company ID, which is used to identity your Descope company.

Console Access

  • Configure SSO for Descope admins by clicking the Configure SSO button. Once completed, the Descope admins will be able to authenticate to the Descope console using SSO.

Descope Company Settings configure sso

  • Enforce SSO - This will be visible once SSO is configured for the console. Will oblige Decopers to log in through SSO.

Descope Company Settings configure enforce sso

  • Roles - This will be visible once SSO is configured with SAML. Define what roles the Descoper has in which project(s). Choosing "Granular Permissions" will allow assigning specific SSO groups to specific projects, combined with roles. Once it is set, descopers will be granted the roles associated with their SSO group upon SSO login.

Descope Company Settings roles

Descope Company Settings granular permissions

Note

You can associate the "Company Admin" with an SSO group that will provide administrative access to all projects and company settings.

Enforce MFA - Will force Descopers to go through MFA, while allowing the Descoper to choose their preferred MFA method from the following options: Passkeys, OTP vis SMS, or TOTP.

Descope Company Settings configure enforce mfa

SCIM Configuration

Descope allows you to configure SCIM provisioning for your Descope Company. This enables you to manage Descope console access through your identity provider's SCIM provider, rather than relying on JIT (Just-In-Time) provisioning. The SSO groups that you map under "Granular Permissions" for your SSO provider also work for SCIM.

  1. Generate a SCIM Bearer token from the Management Keys page with Descoper level access (SCIM) as the role.

SCIM bearer token

  1. Find your SCIM URL in a specific tenant's settings page under Authentication Methods -> SSO -> SCIM Provisioning.

SCIM URL

This is what you can use to configure SCIM in your IdP, along with the Bearer token in Step 2.

Permissions

  • Optionally check the box for Allow Developer Success to access my data for troubleshooting purposes which enables the Descope Customer Success team to capture further information within the project for troubleshooting purposes.

Descope Company Settings troubleshooting flag

Descopers

Users who have access to your Descope Console are known as Descopers. You can manage these from the Descopers tab in the Console. Here you can create, delete, and manage your Descopers. When creating a new Descoper you can choose whether to send the invitation via email, and can also configure the Descoper role for the user.

Descoper Roles

Descopers can be associated to specific projects, tags, and roles. When inviting a Descoper or editing their roles, you can select Granular permissions instead of Full access and configure the Descoper's roles based on project or tag.

This allows you to grant a Descoper unique access or roles for any project in the company or for any tag associated with a group of projects.

Granular permissions when inviting Descopers

RoleDescription
Company AdminCompany admins have full read/write access across the company and all projects.
Project AdminDescopers associated to project(s) with the Admin role have full read/write access across the projects they are associated with.
Project DeveloperDescopers associated to project(s) with the Developer role have read/write access across all of the projects they are associated, including the Project-level settings. However, they will not have read/write access to Company-level settings.
Project SupportDescopers associated to project(s) with the Support role have access to read the following: Authentication Methods, Flows, Connectors, IdP Apps, Authorization, and Project Settings. These users have full read/write access within the users, access keys, tenants, and audit pages.

Custom Descoper Roles

In addition to the predefined roles, you can create custom Descoper roles with granular permissions tailored to your organization's needs from the custom roles tab of the Descope console. Custom roles allow you to control Edit or View access to specific console sections.

For example, you can create a role that allows editing flows and widgets but restricts access to user management, or a read-only role that provides visibility across all projects without modification rights.

RoleDescription
Access Keys EditManage access keys for the company. Includes view and edit access to access keys, authorization, projects, and tenants.
Access Keys ViewView access key configurations. Includes view access to access keys, authorization, projects, and tenants.
Agentic Hub EditManage agentic identities, MCP servers, and connections. Includes view and edit access to agentic identities, MCP servers, MCP server clients, and third-party apps.
Agentic Hub ViewView agentic identities, MCP servers, and connections. Includes view access to agentic identities, MCP servers, MCP server clients, third-party apps, audits, authorization, flows, projects, tenants, and users.
Audits ViewView audit logs and activity history. Includes view access to audit logs and tenants.
Authentication Methods EditConfigure authentication methods. Includes view and edit access to authentication methods and connectors, plus view access to authorization, projects, users, tenants, styles, audits, and flows.
Authentication Methods ViewView authentication method configurations. Includes view access to authentication methods, authorization, projects, users, tenants, styles, audits, connectors, and flows.
Authorization EditManage roles, permissions, and FGA configuration. Includes view access to authorization and edit access to auth roles and permissions.
Authorization ViewView roles, permissions, and FGA configuration. Includes view access to authorization settings.
Connectors EditConfigure and manage connectors. Includes view and edit access to connectors, plus view access to audits, authentication methods, flows, tenants, and projects.
Connectors ViewView connector configurations. Includes view access to connectors, audits, authentication methods, flows, tenants, and projects.
Flows EditCreate and modify authentication flows. Includes view and edit access to flows, plus view access to authentication methods, connectors, projects, users, authorization, SSO apps, styles, and tenants.
Flows ViewView authentication and authorization flows. Includes view access to flows, authentication methods, connectors, projects, users, authorization, SSO apps, styles, and tenants.
Getting StartedRun the "Getting Started" setup wizard. Includes access to wizard views and edits, plus view and edit access to flows, projects, tenants, and styles.
Home ViewView the project home dashboard and overview. Includes view access to home dashboard, audits, connectors, flows, projects, tenants, and third-party apps.
Inbound Apps EditConfigure inbound applications. Includes view and edit access to third-party apps, plus view access to authorization, flows, projects, users, and tenants.
Inbound Apps ViewView inbound application configurations. Includes view access to third-party apps, authorization, flows, projects, users, and tenants.
Localization EditManage localization and translations. Includes view and edit access to authentication methods, flows, and third-party apps, plus view access to connectors.
Localization ViewView localization and translations. Includes view access to authentication methods, connectors, flows, and third-party apps.
Outbound Apps EditConfigure outbound applications. Includes view and edit access to SSO apps and third-party apps, plus view access to tenants.
Outbound Apps ViewView outbound application configurations. Includes view access to SSO apps, third-party apps, and tenants.
Project Settings EditManage project settings. Includes view and edit access to project settings, connectors, plus view access to tenants, authentication methods, audits, flows, and users.
Project Settings ViewView project settings and configuration. Includes view access to project settings, tenants, authentication methods, connectors, audits, flows, and users.
Federated Applications EditConfigure federated applications. Includes view and edit access to SSO apps, plus view access to audits, authorization, flows, users, and authentication methods.
Federated Applications ViewView federated application configurations. Includes view access to SSO apps, audits, authorization, flows, users, and authentication methods.
Style Editor EditCustomize flow styles and branding. Includes view and edit access to styles, plus view access to authentication methods.
Style Editor ViewView flow styles and branding. Includes view access to styles and authentication methods.
Tenants EditManage tenants and their settings. Includes view and edit access to tenants, plus view access to authentication methods, authorization, connectors, projects, SSO apps, users, and styles.
Tenants ViewView tenant configurations. Includes view access to tenants, authentication methods, authorization, connectors, projects, SSO apps, users, and styles.
Users EditManage user accounts. Includes view and edit access to users and user CA settings, plus view access to authorization, projects, SSO apps, tenants, and connectors.
Users ViewView user accounts and details. Includes view access to users, authorization, projects, SSO apps, tenants, and connectors.
Widgets EditConfigure and customize widgets. Includes view and edit access to styles and flows, plus view access to authentication methods, connectors, projects, users, tenants, authorization, and SSO apps.
Widgets ViewView widget configurations. Includes view access to widgets, styles, authentication methods, connectors, projects, users, tenants, flows, authorization, and SSO apps.

Management keys

Within the Management Keys tab you can create, delete, and manage the Management keys within your company. Review the Management Keys documentation for further details about management keys and how they are used.

Projects

On the Projects tab you see every project in your company. Selecting a project opens its project page so you can edit that project's settings. The settings icon at the end of each row opens more actions: Edit, Clone, Export (Pro plan only), and Delete.

By default the table lists Name, ID, Environment, Region, App URL, and Tags. You can add optional columns, including Block Sign Up Config, Custom Domain, and Approved Domain. Use the search filter to narrow the list by various fields when you have many projects. You can create a new project with the +Project button on the right.

Descope Project Overview

Usage

The Usage tab on Company Settings summarizes usage metrics for your company. For each metric you can see totals for the current month and the previous month:

  • Monthly Active Users
  • Monthly Active Tenants
  • SSO Connections
  • Monthly M2M Exchanges
  • Monthly Active Consents
  • Monthly Active Tokens

For plan allowances, how overages work, and explanations of this terminology, see Descope pricing.

Company Usage

Was this helpful?
SparklesAsk AI about this pageArrowRight

Projects with SDKs

Learn how to easily implement project management with Descope using the Descope backend SDKs.

Overview

Learn how to migrate to Descope from third-parties

On this page

Company SettingsSettingsGeneralConsole AccessSCIM ConfigurationPermissionsDescopersDescoper RolesCustom Descoper RolesManagement keysProjectsUsage