Skip to main content
Only Org Admins can open Organization SettingsSecurity. This page groups authentication and directory controls in one place.
Open organization settings from your organization name at the top of the sidebar, then choose Settings. Select Security in the sidebar under the Security section.

SSO

  • Connect and review SSO for your identity provider (SAML via WorkOS).
  • Confirm domain verification and overall SSO configured status from the card.
  • Use Require SSO when everyone must sign in through your IdP.

SCIM

  • Configure SCIM to sync users and groups from your identity provider into Serval.

Domain allowlist and filtering

  • Turn domain filtering on or off for your organization.
  • Add allowed domains so only matching email addresses stay in scope when users sync from connected directories and integrations.

Enforce domain filter

After allowed domains are saved, Enforce Domain Filter appears at the bottom of the domain allowlist card.
  1. Click Check Users to run a dry run. Serval lists which users would be deactivated because their email does not match the allowlist.
  2. Review the dialog. The admin running the check is never included in deactivation.
  3. Confirm to deactivate all non-matching users in one step.
Users deactivated by enforcement remain deactivated while domain filtering stays enabled. Reactivation rules follow your domain policy until it changes.