# Set up a RudderStack connector

> C1 provides identity governance for RudderStack. Integrate your RudderStack organization with C1 for unified visibility and governance over user access.

## Capabilities

| Resource | Sync                                                          | Provision |
| -------- | ------------------------------------------------------------- | --------- |
| Users    | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |           |
| Groups   | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |           |

The connector syncs your RudderStack SCIM users and groups, and each user's
group memberships. It is read-only and does not provision access.

<Note>
  The connector reads identity data through RudderStack's SCIM 2.0 API, which
  requires the Enterprise plan with SSO enabled. It surfaces SCIM group
  membership; the built-in workspace member/admin role is not exposed by the SCIM
  API and is therefore out of scope.
</Note>

## Gather RudderStack credentials

<Warning>
  To configure the RudderStack connector, you need administrator access to your
  RudderStack organization so you can create an organization-level Service Access
  Token. RudderStack SCIM requires the Enterprise plan with SSO enabled.
</Warning>

<Steps>
  <Step>
    In RudderStack, go to **Settings** > **Organization** > **Service Access
    Tokens** and select the **Organization** tab.

    The token must be an **organization-level** Service Access Token. A
    workspace-level token cannot access the SCIM API and will fail. This is also
    separate from a Personal Access Token.
  </Step>

  <Step>
    Create a new organization-level Service Access Token and copy its value. The
    connector sends it on every request as `Authorization: Bearer <token>`.
  </Step>

  <Step>
    Note your RudderStack SCIM base URL. For RudderStack Cloud (US) this is
    `https://api.rudderstack.com/scim/v2`.
  </Step>
</Steps>

## Configure the RudderStack connector

<Tabs>
  <Tab title="Cloud-hosted">
    Follow these instructions to use a built-in, no-code connector hosted by C1.

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **RudderStack** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new RudderStack connector.
      </Step>

      <Step>
        Set the owner for this connector.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        Find the **Settings** area of the page and click **Edit**.
      </Step>

      <Step>
        Enter the RudderStack credentials:

        * **RudderStack SCIM base URL**: Your RudderStack SCIM 2.0 base URL
          including the `/scim/v2` suffix, for example
          `https://api.rudderstack.com/scim/v2`.
        * **RudderStack SCIM token**: The organization-level Service Access Token
          you created.
      </Step>

      <Step>
        Click **Save**.
      </Step>

      <Step>
        The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
      </Step>
    </Steps>

    **Done.** Your RudderStack connector is now pulling access data into C1.
  </Tab>

  <Tab title="Self-hosted">
    Follow these instructions to run the RudderStack connector in your own
    environment.

    <Steps>
      <Step>
        Create a secret for the RudderStack organization-level Service Access
        Token.
      </Step>

      <Step>
        Configure the connector environment variables:

        * **BATON\_RUDDERSTACK\_SCIM\_BASE\_URL**: Your RudderStack SCIM 2.0 base URL
          including the `/scim/v2` suffix, for example
          `https://api.rudderstack.com/scim/v2`.
        * **BATON\_RUDDERSTACK\_SCIM\_TOKEN**: The organization-level Service Access
          Token you created.
      </Step>

      <Step>
        Deploy the connector using your standard self-hosted connector process.
      </Step>
    </Steps>

    **Done.** Your RudderStack connector is now pulling access data into C1.
  </Tab>
</Tabs>
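
Before saving the settings, the base URL and token can be checked from a shell. The script below is an added example, not C1 or RudderStack code; it reuses the environment variable names from the self-hosted configuration and assumes the SCIM API serves the standard RFC 7644 `/Users` endpoint and that a rejected token returns HTTP 401 or 403.

```shell
#!/usr/bin/env bash
# Added example (not C1 or RudderStack code): pre-flight check of the connector settings.

# Accept only an HTTPS base URL that ends in /scim/v2 and embeds no credentials.
validate_scim_base_url() {
  case "${1%/}" in                          # tolerate one trailing slash
    https://*@*) echo "base URL must not embed credentials" >&2; return 1 ;;
    https://?*/scim/v2) return 0 ;;
    https://*) echo "base URL must end with /scim/v2" >&2; return 1 ;;
    *) echo "base URL must use https:// (the token is a bearer credential)" >&2; return 1 ;;
  esac
}

# Reject empty tokens and tokens with whitespace; a newline would inject extra headers.
validate_scim_token() {
  case "$1" in
    ''|*[[:space:]]*) echo "token is empty or contains whitespace" >&2; return 1 ;;
  esac
  return 0
}

# Turn the probe's HTTP status into a verdict. Assumption: a rejected token yields
# 401 or 403; the page only says a workspace-level token "will fail".
explain_scim_status() {
  case "$1" in
    200) echo "ok: token can read SCIM users"; return 0 ;;
    401|403) echo "rejected: confirm the token is organization-level"; return 1 ;;
    404) echo "not found: check that the base URL includes /scim/v2"; return 1 ;;
    000) echo "no response: check DNS, proxy and TLS"; return 1 ;;
    *) echo "unexpected HTTP status $1"; return 1 ;;
  esac
}

# Assumption: the SCIM API serves the standard RFC 7644 /Users endpoint.
preflight_scim() {
  local base="${BATON_RUDDERSTACK_SCIM_BASE_URL:-}" token="${BATON_RUDDERSTACK_SCIM_TOKEN:-}" status
  validate_scim_base_url "$base" && validate_scim_token "$token" || return 1
  # The header is fed on stdin (-H @-, curl 7.55.0+) so the token stays out of argv.
  status=$(printf 'Authorization: Bearer %s\n' "$token" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
      --proto '=https' --max-time 15 -H @- "${base%/}/Users?count=1")
  explain_scim_status "$status"
}

# Hypothetical invocation: bash scim-preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight_scim; fi
```

Export both variables from your secret store rather than typing the token on the command line, so it does not land in shell history.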
