Augment Code Enterprise: how do I request SOC 2 Type II documentation and set up SSO/SCIM?
AI Coding Agent Platforms

Augment Code Enterprise: how do I request SOC 2 Type II documentation and set up SSO/SCIM?

8 min read

Enterprise security teams evaluating Augment Code often need two things early in the process: official SOC 2 Type II documentation and a clear path to set up SSO and SCIM for centralized identity management. This guide explains how to request Augment Code’s compliance materials and how to plan, configure, and validate SSO/SCIM for your Augment Code Enterprise deployment.

Understanding Augment Code’s Enterprise-Grade Compliance

Augment Code is designed for complex, interconnected systems where security, architecture clarity, and compliance all matter. In addition to SOC 2 Type II, Augment Code also provides:

  • ISO/IEC 42001 – an AI management system standard
  • SOC 2 Type II – security, availability, and confidentiality controls, audited over time
  • CMEK support – Customer Managed Encryption Keys for stricter data control

These certifications and capabilities are often required by security, legal, and procurement teams before you can roll out SSO/SCIM and onboard engineers at scale.

How to Request SOC 2 Type II Documentation

Security and compliance teams typically need the SOC 2 Type II report and related documents during vendor due diligence. To request Augment Code SOC 2 Type II documentation:

  1. Confirm you’re an enterprise evaluator or customer
    Make sure you’re either:

    • In an active enterprise trial or pilot, or
    • An existing Augment Code Enterprise customer, or
    • Working with your internal security/procurement team during vendor evaluation.

  2. Reach out through your primary Augment Code contact

    • If you’re already talking with Sales or Customer Success, ask them directly for:
      • The latest SOC 2 Type II report
      • Any required security overview or controls summary
      • Information about ISO/IEC 42001 and CMEK if your security team needs it
    • Provide your company name, expected user count, and required timeline for review.

  3. Use the “Contact Sales” path if you don’t have a contact yet
    From the Augment Code site or product:

    • Click Contact Sales.
    • In the form, specify that you’re requesting:
      • “SOC 2 Type II documentation for security review”
      • Any other compliance info (ISO/IEC 42001, CMEK details, data residency, etc.).
    • Include:
      • Your company name and domain
      • Your role (e.g., Security Engineer, Compliance, Legal, Procurement, Engineering Leader)
      • A brief description of your evaluation timeline and whether SSO/SCIM is a blocker for rollout.

  4. Sign an NDA if required
    SOC 2 Type II reports are often shared under NDA:

    • If your legal team needs a mutual NDA, mention this in the initial request.
    • Once the NDA is in place, Augment Code will provide secure access to:
      • SOC 2 Type II report (and sometimes a summary letter)
      • Any supporting security and compliance documentation approved for sharing.

  5. Share documentation internally
    After you receive the report:

    • Route it to your Security, Compliance, and Legal teams.
    • Capture any follow-up questions and route them back through your Augment Code contact.
    • If needed, request a security review call with Augment Code and your security team.

Preparing to Set Up SSO and SCIM

Before configuring SSO/SCIM for Augment Code Enterprise, coordinate with your identity and security teams. You’ll want to decide:

  1. Which Identity Provider (IdP) you’ll use Common providers include:

    • Okta
    • Azure AD / Entra ID
    • Google Workspace
    • OneLogin
    • Ping Identity
    • Other SAML 2.0 or OIDC-compliant IdPs

  2. Authentication protocol

    • SAML 2.0 is the most common for enterprise SSO.
    • OIDC (OpenID Connect) may be available if your organization standardizes on OIDC.

  3. Provisioning strategy

    • SCIM-based automatic provisioning (recommended for larger organizations)
    • Just-in-time (JIT) provisioning via SSO
    • Or a mix, with SCIM managing core users and groups, and JIT for exceptional cases.

  4. Access model and group mapping Define how access should be controlled:

    • Which IdP groups map to which roles or workspaces in Augment Code
    • Whether you want separate groups for:
      • Engineering teams
      • Security teams
      • Contractors
      • Admins

  5. Security and compliance requirements Align SSO/SCIM configuration with your policies:

    • MFA requirements (enforced via your IdP)
    • Session timeout and re-authentication
    • Conditional access / device posture policies
    • Region, data residency, and CMEK requirements where applicable

Bring these decisions to your Augment Code implementation call so configuration goes quickly.

How to Request SSO/SCIM Setup for Augment Code Enterprise

To begin SSO and SCIM setup:

  1. Open an implementation request Use one of the following channels:

    • Your Customer Success Manager or Sales Engineer
    • The Contact Sales form on the Augment Code website

    Ask specifically for:

    • “Enterprise SSO configuration (SAML/OIDC)”
    • “SCIM-based user and group provisioning”

  2. Provide initial environment and IdP details Include:

    • Your IdP name (Okta, Azure AD, etc.)
    • Desired auth protocol (SAML 2.0 or OIDC)
    • Whether you want SCIM for automatic provisioning
    • Number of users and expected rollout timeline

  3. Request technical documentation & setup guide Ask for:

    • Augment Code’s SSO configuration guide for your IdP
    • Augment Code’s SCIM provisioning guide
    • Any test accounts or sandbox environment if required

  4. Schedule a joint configuration session (recommended) Involve:

    • An IdP admin from your team
    • An Augment Code solutions/implementation engineer
    • A representative from security/compliance if they want to observe

    This helps you:

    • Configure SSO correctly the first time
    • Validate group mappings
    • Confirm SCIM behavior matches your policies

Typical SSO Configuration Flow (High-Level)

The exact steps vary by IdP, but the flow generally looks like this:

  1. Create an Enterprise application in your IdP

    • In Okta, create a new SAML 2.0 or OIDC application.
    • In Azure AD, create a new Enterprise Application.
    • Name it something like “Augment Code Enterprise”.

  2. Configure basic SSO settings Your Augment Code implementation docs will provide:

    • ACS / Redirect / Callback URL
    • Entity ID / Audience URI
    • Required NameID format (often email address)
    • Required claims/attributes (e.g., email, name, groups)

    In your IdP:

    • Set the appropriate URLs and entity IDs.
    • Configure the NameID and any required attribute mappings.

  3. Exchange metadata / certificates

    • Download the IdP metadata or certificate from your IdP.
    • Provide it to Augment Code securely (often via the admin UI or your implementation contact).
    • Receive any Service Provider (SP) metadata from Augment Code and upload it to your IdP if required.

  4. Enable and test SSO with a pilot group

    • Assign a small test group (e.g., security + DevOps + 1–2 engineers).
    • Use a test link or the Augment Code login page to verify:
      • Redirection to your IdP
      • Successful authentication
      • Proper user mapping in Augment Code

  5. Roll out to broader groups Once testing is successful:

    • Assign the app to broader teams and org units in your IdP.
    • Update internal documentation so users know to log in via SSO.

Typical SCIM Configuration Flow (High-Level)

Once SSO is working, SCIM helps keep users and permissions aligned with your IdP. Here’s the standard pattern:

  1. Enable SCIM in Augment Code

    • From your admin interface or through your implementation contact:
      • Enable SCIM provisioning.
      • Generate a SCIM base URL and SCIM bearer token (or equivalent credentials).

  2. Create a provisioning integration in your IdP In Okta, Azure AD, etc.:

    • Open the Augment Code Enterprise app you created for SSO.
    • Navigate to Provisioning or User Provisioning.
    • Enable provisioning and enter:
      • SCIM endpoint URL
      • SCIM bearer token or credentials from Augment Code

  3. Configure user and group mappings Decide what you want SCIM to manage:

    • User attributes:
      • userName / email
      • givenName, familyName
      • Status (active/inactive) for automatic de-provisioning
    • Groups / roles:
      • Map IdP groups to roles or teams in Augment Code (e.g., eng-backend, eng-frontend, security, admins).

  4. Test provisioning with a subset of users

    • Provision a small test group.
    • Verify in Augment Code that:
      • Users are created correctly.
      • Group membership and roles are applied as expected.
      • Deactivating a user in your IdP deactivates them in Augment Code.

  5. Roll SCIM out to production groups

    • Gradually add more groups and users.
    • Confirm audit logging and change tracking meet your security requirements.

Aligning SSO/SCIM with SOC 2 Type II and Compliance Requirements

Your SOC 2–driven policies often require:

  • Centralized authentication via SSO
  • Lifecycle management via SCIM (joiner/mover/leaver flow)
  • Least-privilege access using role- and group-based controls
  • Auditability, including:
    • Who has access to what
    • When access changes
    • How privileged roles are granted and revoked

Augment Code’s combination of SOC 2 Type II, ISO/IEC 42001, CMEK, and enterprise SSO/SCIM support helps you satisfy these controls while giving developers a secure, compliant way to work across complex architectures.

When you request SOC 2 documentation, you can ask specifically how Augment Code:

  • Protects data in transit and at rest (and where CMEK applies)
  • Implements access control and authentication
  • Logs administrative actions and access events
  • Manages internal security and change management processes

Use these answers to document your risk assessment and align SSO/SCIM configuration with your internal standards.

When to Involve Augment Code Support or Sales

Contact Augment Code Sales or Support if:

  • You need SOC 2 Type II documentation or proof of ISO/IEC 42001 and CMEK for your security review.
  • You’re planning an enterprise rollout with SSO and SCIM and want implementation guidance.
  • Your security team requires a technical security briefing or questionnaire.
  • You’re operating in a highly regulated or air-gapped context and need to understand how Augment Code fits alongside tools like Coder or your existing secure infrastructure.

For the fastest path:

  1. Use Contact Sales to request “SOC 2 Type II documentation + SSO/SCIM setup for Augment Code Enterprise.”
  2. Provide:
    • Company name and approximate user count
    • IdP details (Okta, Azure AD, etc.)
    • Your target go-live date
  3. Ask for a combined security + implementation session, so your security and identity teams can get answers in one call.

By requesting Augment Code’s SOC 2 Type II documentation early and coordinating SSO/SCIM setup with your identity and security teams, you can meet enterprise compliance requirements while giving your developers secure, streamlined access to Augment Code’s Context Engine across your entire architecture.

Back to AI Coding Agent Platforms

Keep Reading

More from AI Coding Agent Platforms

How do I set up Windsurf Teams ($30/user/mo) with centralized billing, admin analytics, and automated zero data retention?

Read more

How do I contact Windsurf about Enterprise pricing, RBAC, and hybrid deployment for 200+ seats?

Read more

How do I add SSO to Windsurf Teams (+$10/user/mo) and what identity providers are supported?

Read more