Company Settings

Within the Descope console, configure various items around the company from the Company Settings page. Within this page there are 3 tabs for managing company settings, Descopers, and Management keys.

Settings

Within the settings tab, the following can be configured:

General

  • The Company Name.

Console Access

  • Configure SSO for Descope admins by clicking the Configure SSO button.

    Descope Company Settings configure sso.
NOTE: This walks through the Self-Service Provisioning flow. Once completed, the Descope admins will be able to authenticate to the Descope console using SSO.

  • Enforce SSO - This will be visible once SSO is configured for the console. Will oblige Decopers to log in through SSO.

    Descope Company Settings configure enforce sso.

  • Roles - ┬áThis will be visible once SSO is configured with┬áSAML. Define what roles the Descoper has in which project(s). Choosing "Granular Permissions" will allow assigning specific SSO groups to specific projects, combined with roles. Once it is set, descopers will be granted the roles associated with their SSO group upon SSO login.

    Descope Company Settings roles.
    Descope Company Settings granular permissions.

    > **_NOTE:_** You can associate the "Company Admin" with an SSO group that will provide administrative access to all projects and company settings.

  • Enforce MFA - Will oblige Descopers to go through an MFA while letting Descopers choose their preferred MFA method from the following options: Passkeys, OTP vis SMS, or TOTP.

    Descope Company Settings configure enforce mfa.

Permissions

  • Optionally check the box for Allow Developer Success to access my data for troubleshooting purposes which enables the Descope Developer Success team to capture further information within the project for troubleshooting purposes.
    Descope Company Settings troubleshooting flag.

Descopers

Users who have access to your Descope Console are known as Descopers. You can manage these from the Descopers tab in the Console. Here you can create, delete, and manage your Descopers. When creating a new Descoper you can choose whether to send the invitation via email, and can also configure the Descoper role for the user.

Descoper roles

Descopers can be associated to specific projects and roles. When you uncheck the Company Admin checkbox and configure the user's roles based on project. The users will only have access to the projects that you associate them with, and they will only have rights within those projects per the below outline of the roles within Descope at a company level.
RoleDescription
Company AdminCompany admins have full read/write access across the company and all projects.
Project AdminDescopers associated to project(s) with the Admin role have full read/write access across the projects they are associated with.
Project DeveloperDescopers associated to project(s) with the Developer role have read/write access across all of the projects they are associated, including the Project-level settings. However, they will not have read/write access to Company-level settings.
Project SupportDescopers associated to project(s) with the Support role have access to read the following: Authentication Methods, Flows, Connectors, IdP Apps, Authorization, and Project Settings. These users have full read/write access within the users, access keys, tenants, and audit pages.

Management keys

Within the Management Keys tab you can create, delete, and manage the Management keys within your company. Review the Management Keys documentation for further details about management keys and how they are used.