> ## Documentation Index > Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # FireHydrant > Syncs users, teams, team memberships, default incident roles, and on-call schedules from FireHydrant, and provisions accounts and team membership via SCIM 2.0. # FireHydrant The FireHydrant connector syncs identities and access from [FireHydrant](https://firehydrant.com/) and provisions accounts and team membership through the FireHydrant SCIM 2.0 endpoints. ## Synced resources | Resource | Capabilities | | ---------------- | ------------------------------------------------------- | | User | Sync, account provisioning, account deletion | | Team | Sync, team membership provisioning | | On-call schedule | Sync (membership and current on-call surface as grants) | Team resources expose a `member` grant for each membership and a dynamic `incident-role:` entitlement plus matching grant for every member who has a default incident role on that team. On-call schedule resources expose a `member` grant for everyone on the schedule and an `on-call-now` grant for the user with an active shift. ## Configuration | Field | Required | Description | | ----------- | -------- | ------------------------------------------------------------------------------------------------------------------------------- | | `api-token` | yes | FireHydrant bot user API token. Generate one in **Settings > Bot users**. Owner permissions are required for SCIM provisioning. | | `base-url` | no | Override the FireHydrant API base URL. Defaults to `https://api.firehydrant.io`. | ## Required permissions The bot user backing the API token must have **Owner** permissions on the FireHydrant organization so it can call the SCIM 2.0 endpoints used for account and team membership provisioning. A lower-privileged token can still drive read-only sync but provisioning calls will fail.