Company Settings
Within the Descope console, configure various items around the company from the Company Settings page. Within this page there are 3 tabs for managing company settings, Descopers, and Management keys.
Settings
Within the Settings tab, the following can be configured:
General
- The
Company Name. - The
Company ID, which is used to identity your Descope company.
Console Access
- Configure SSO for Descope admins by clicking the
Configure SSObutton. Once completed, the Descope admins will be able to authenticate to the Descope console using SSO.
- Enforce SSO - This will be visible once SSO is configured for the console. Will oblige Decopers to log in through SSO.
- Roles - This will be visible once SSO is configured with SAML. Define what roles the Descoper has in which project(s). Choosing "Granular Permissions" will allow assigning specific SSO groups to specific projects, combined with roles. Once it is set, descopers will be granted the roles associated with their SSO group upon SSO login.
Note
You can associate the "Company Admin" with an SSO group that will provide administrative access to all projects and company settings.
Enforce MFA - Will force Descopers to go through MFA, while allowing the Descoper to choose their preferred MFA method from the following options: Passkeys, OTP vis SMS, or TOTP.
SCIM Configuration
Descope allows you to configure SCIM provisioning for your Descope Company. This enables you to manage Descope console access through your identity provider's SCIM provider, rather than relying on JIT (Just-In-Time) provisioning. The SSO groups that you map under "Granular Permissions" for your SSO provider also work for SCIM.
- Generate a SCIM Bearer token from the Management Keys page with Descoper level access (SCIM) as the role.
- Find your SCIM URL in a specific tenant's settings page under Authentication Methods -> SSO -> SCIM Provisioning.
This is what you can use to configure SCIM in your IdP, along with the Bearer token in Step 2.
Permissions
- Optionally check the box for
Allow Developer Success to access my data for troubleshooting purposeswhich enables the Descope Customer Success team to capture further information within the project for troubleshooting purposes.
Descopers
Users who have access to your Descope Console are known as Descopers. You can manage these from the Descopers tab in the Console. Here you can create, delete, and manage your Descopers. When creating a new Descoper you can choose whether to send the invitation via email, and can also configure the Descoper role for the user.
Descoper Roles
Descopers can be associated to specific projects, tags, and roles. When inviting a Descoper or editing their roles, you can select Granular permissions instead of Full access and configure the
Descoper's roles based on project or tag.
This allows you to grant a Descoper unique access or roles for any project in the company or for any tag associated with a group of projects.
| Role | Description |
|---|---|
| Company Admin | Company admins have full read/write access across the company and all projects. |
| Project Admin | Descopers associated to project(s) with the Admin role have full read/write access across the projects they are associated with. |
| Project Developer | Descopers associated to project(s) with the Developer role have read/write access across all of the projects they are associated, including the Project-level settings. However, they will not have read/write access to Company-level settings. |
| Project Support | Descopers associated to project(s) with the Support role have access to read the following: Authentication Methods, Flows, Connectors, IdP Apps, Authorization, and Project Settings. These users have full read/write access within the users, access keys, tenants, and audit pages. |
Custom Descoper Roles
In addition to the predefined roles, you can create custom Descoper roles with granular permissions tailored to your organization's needs from the custom roles tab of the Descope console. Custom roles allow you to control Edit or View access to specific console sections.
For example, you can create a role that allows editing flows and widgets but restricts access to user management, or a read-only role that provides visibility across all projects without modification rights.
| Role | Description |
|---|---|
| Access Keys Edit | Manage access keys for the company. Includes view and edit access to access keys, authorization, projects, and tenants. |
| Access Keys View | View access key configurations. Includes view access to access keys, authorization, projects, and tenants. |
| Agentic Hub Edit | Manage agentic identities, MCP servers, and connections. Includes view and edit access to agentic identities, MCP servers, MCP server clients, and third-party apps. |
| Agentic Hub View | View agentic identities, MCP servers, and connections. Includes view access to agentic identities, MCP servers, MCP server clients, third-party apps, audits, authorization, flows, projects, tenants, and users. |
| Audits View | View audit logs and activity history. Includes view access to audit logs and tenants. |
| Authentication Methods Edit | Configure authentication methods. Includes view and edit access to authentication methods and connectors, plus view access to authorization, projects, users, tenants, styles, audits, and flows. |
| Authentication Methods View | View authentication method configurations. Includes view access to authentication methods, authorization, projects, users, tenants, styles, audits, connectors, and flows. |
| Authorization Edit | Manage roles, permissions, and FGA configuration. Includes view access to authorization and edit access to auth roles and permissions. |
| Authorization View | View roles, permissions, and FGA configuration. Includes view access to authorization settings. |
| Connectors Edit | Configure and manage connectors. Includes view and edit access to connectors, plus view access to audits, authentication methods, flows, tenants, and projects. |
| Connectors View | View connector configurations. Includes view access to connectors, audits, authentication methods, flows, tenants, and projects. |
| Flows Edit | Create and modify authentication flows. Includes view and edit access to flows, plus view access to authentication methods, connectors, projects, users, authorization, SSO apps, styles, and tenants. |
| Flows View | View authentication and authorization flows. Includes view access to flows, authentication methods, connectors, projects, users, authorization, SSO apps, styles, and tenants. |
| Getting Started | Run the "Getting Started" setup wizard. Includes access to wizard views and edits, plus view and edit access to flows, projects, tenants, and styles. |
| Home View | View the project home dashboard and overview. Includes view access to home dashboard, audits, connectors, flows, projects, tenants, and third-party apps. |
| Inbound Apps Edit | Configure inbound applications. Includes view and edit access to third-party apps, plus view access to authorization, flows, projects, users, and tenants. |
| Inbound Apps View | View inbound application configurations. Includes view access to third-party apps, authorization, flows, projects, users, and tenants. |
| Localization Edit | Manage localization and translations. Includes view and edit access to authentication methods, flows, and third-party apps, plus view access to connectors. |
| Localization View | View localization and translations. Includes view access to authentication methods, connectors, flows, and third-party apps. |
| Outbound Apps Edit | Configure outbound applications. Includes view and edit access to SSO apps and third-party apps, plus view access to tenants. |
| Outbound Apps View | View outbound application configurations. Includes view access to SSO apps, third-party apps, and tenants. |
| Project Settings Edit | Manage project settings. Includes view and edit access to project settings, connectors, plus view access to tenants, authentication methods, audits, flows, and users. |
| Project Settings View | View project settings and configuration. Includes view access to project settings, tenants, authentication methods, connectors, audits, flows, and users. |
| Federated Applications Edit | Configure federated applications. Includes view and edit access to SSO apps, plus view access to audits, authorization, flows, users, and authentication methods. |
| Federated Applications View | View federated application configurations. Includes view access to SSO apps, audits, authorization, flows, users, and authentication methods. |
| Style Editor Edit | Customize flow styles and branding. Includes view and edit access to styles, plus view access to authentication methods. |
| Style Editor View | View flow styles and branding. Includes view access to styles and authentication methods. |
| Tenants Edit | Manage tenants and their settings. Includes view and edit access to tenants, plus view access to authentication methods, authorization, connectors, projects, SSO apps, users, and styles. |
| Tenants View | View tenant configurations. Includes view access to tenants, authentication methods, authorization, connectors, projects, SSO apps, users, and styles. |
| Users Edit | Manage user accounts. Includes view and edit access to users and user CA settings, plus view access to authorization, projects, SSO apps, tenants, and connectors. |
| Users View | View user accounts and details. Includes view access to users, authorization, projects, SSO apps, tenants, and connectors. |
| Widgets Edit | Configure and customize widgets. Includes view and edit access to styles and flows, plus view access to authentication methods, connectors, projects, users, tenants, authorization, and SSO apps. |
| Widgets View | View widget configurations. Includes view access to widgets, styles, authentication methods, connectors, projects, users, tenants, flows, authorization, and SSO apps. |
Management keys
Within the Management Keys tab you can create, delete, and manage the Management keys within your company. Review the Management Keys documentation for further details about management keys and how they are used.
Projects
Under this Projects tab, you get an overview of all the projects in your company. With this, users can view for example which Projects come under which region. Upon editing a specific project, the project's page will open where you can make your changes with respect to the selected project. There's also other action options for management of these project which can be viewed by clicking onto the settings icon to the right of the tabular columns. These include Clone, Export (pro plan only) and Delete.
Project information that appears in the table by default are Name, ID, Environment, Region, App URL, Tags. One can choose more columns to be displayed for these projects apart from the default ones shown. These include options like "Block Sign Up Config" column to show which stores
"true" value for all the projects that have been configured to block signups in their settings. Other columns being Custom Domain, Approved Domain. A search filter also provided to filter out
projects based on certain parameters. This filter comes in handy when users have multiple projects, giving them an easy way to navigate between projects. An option to create a project from here is also available with a click of +Project button on the right.
