Identity & onboarding
SSO / SCIM / Enterprise Onboarding Packet
An enterprise-onboarding evidence pack covering identity, provisioning, and audit.
The first deliverable is a decision package: what is in scope, what is required, what is blocked, and what can proceed.
No production testing, adversarial activity, access to secrets, or customer-data processing happens without explicit authorization and the right agreement path. Do not enter secrets or credentials here.
What to gather for this packet
Needed: IdP(s) in use · SAML/OIDC config · SCIM provisioning model · Role/group mapping
Helpful: Audit-log sources · Tenant admin flows · Deprovisioning policy
Bring names and high-level descriptions only — exact targets, accounts, and credentials are shared later through a secure channel.
Engagement
Readiness inputs
Deliverables you want
Packet modules
- Scope Brief — What is in scope, what decision is being made, and what success looks like.
- Authorization Statement — Confirmation the org owns, controls, or is authorized to assess the targets.
- Evidence Handling Plan — Where evidence is stored, redaction, retention, and deletion.
- Contract Requirements — The required and conditional agreements for this engagement.
- Draft SOW Inputs — Scope, window, deliverables, and acceptance inputs for the SOW.
- Open Questions — What is still required before a scoping call or private offer.
- Follow-On Recommendations — Natural next services once this engagement completes.
- Identity / SSO Boundary — SAML/OIDC, SCIM, RBAC, provisioning, and deprovisioning in scope.
- Target Inventory — The named systems, endpoints, repos, accounts, or surfaces in scope.
- Access Plan — How access and test accounts are provisioned through a secure channel.
- Data Handling Plan — Data sensitivity, masking, sample-only, retention, and deletion rules.
- Deliverables Plan — The artifacts the buyer will receive and in what format.
SSO / SCIM / Enterprise Onboarding Packet — preview
Identity & onboarding
Scope Brief
- Organization: To be specified during scoping
- Decision: An enterprise-onboarding evidence pack covering identity, provisioning, and audit.
- Driver: Enterprise SSO/SCIM, RBAC, provisioning, deprovisioning, and auditability are becoming a deal blocker.
Authorization Statement
- Not yet confirmed — required before any access or testing.
Evidence Handling Plan
- Evidence stored in an access-controlled encrypted store; redaction; agreed retention + deletion.
Contract Requirements
- Mutual NDA — Required for this engagement.
- Evidence Handling Policy — Required for this engagement.
- Statement of Work Template — Required for this engagement.
- Assessment Terms Addendum — Required for this engagement.
- No-Cost Scoping Retainer (conditional) — Scope before any paid work or active testing.
Draft SOW Inputs
- Engagement: SSO / SCIM / Enterprise Onboarding Packet
- Deliverables: 9 selected
- Budget category: Product security / identity / customer assurance
Open Questions
- Authorization (own / control / explicitly authorized to assess the targets)
- Target inventory (named systems/endpoints in scope)
- Identity mapping (IdP, SAML/OIDC, SCIM, roles)
- Access plan (how access and test accounts are provisioned securely)
Follow-On Recommendations
- saas connector security
- ai security sales evidence
- ai governance program build
Identity / SSO Boundary
- Identity mapping needed.
Target Inventory
- No named targets yet — required before testing.
Access Plan
- Access plan needed — secure-channel provisioning, no public credentials.
Data Handling Plan
- Sensitive data in scope: No
- Standard handling; secrets masked; minimum-necessary access.
Deliverables Plan
- IdP Compatibility Matrix
- SAML/OIDC Config Intake
- SCIM Provisioning Intake
- Role / Group Mapping
- JIT Provisioning Notes
- Deprovisioning Test Plan
- Tenant Admin Flow Review
- Audit Log Checklist
- Enterprise Onboarding Evidence Pack
Clarify the problem.
Define success.
Choose the right next step.
A 5–10 minute planner that turns AI security ambiguity into a clear, measurable prescription.
Reduce uncertainty fast
We ask the right questions, not all the questions.
See what matters
Surface risks, blockers, assumptions, and the real problem.
Get a clear prescription
Recommended paths, effort, and acceptance criteria up front.
Sessions are saved locally in your browser. No account required.
SCOPE in progress
What we currently believe
Next best question
Who is the final user of your AI product?
This helps us understand risk exposure and set the right success criteria.
Your input is private and saved locally.
Export prescription when ready →
Choose the use case closest to your challenge. SCOPE loads the right questions for your context.
Onboarding
Move four tracks in parallel
We put legal, finance, procurement, and technical scoping on parallel rails so the work can start without waiting on every internal process sequentially.
Technical Scoping
Output: Draft Launch Review Plan
- architecture
- demo/staging
- prompts
- RAG
- agents/tools
- authz
- logs/evals
- test boundaries
Legal
Output: NDA + Scoping Authorization
- mutual NDA
- data handling
- authorized testing boundaries
- confidentiality
- work-product terms
Finance / Procurement
Output: Procurement Packet
- vendor profile
- tax/payment details
- budget category
- fixed-fee quote path
- invoice terms
- onboarding answers
Internal Approval
Output: Approval Memo
- why now
- business pressure
- risk if delayed
- expected deliverables
- timeline
- decision needed
Output
Your output: a clear, measurable prescription.
SCOPE delivers a one-page engagement plan you can share and act on immediately.
- Situation & core problem
- Desired outcome & success criteria
- Key risks & assumptions
- Recommended path(s)
- Effort, timing & impact
- Open questions & next step
SCOPE Prescription
Situation
Criteria
Recommended path
Next step
Export as markdown ↗