Configures SSO authentication and SCIM 2.0 provisioning for CockroachDB across four distinct layers — Cloud Console SSO (SAML/OIDC), DB Console SSO (OIDC), SQL/Cluster SSO (JWT or LDAP/AD), and SCIM 2.0 automated provisioning. Use when enabling centralized identity management, setting up SSO for compliance, or automating user lifecycle management.
84
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly articulates specific capabilities across four distinct SSO/SCIM layers for CockroachDB, includes rich trigger terms spanning both user-friendly concepts and technical protocol names, and provides an explicit 'Use when' clause. It uses proper third-person voice and is concise yet comprehensive, making it easy for Claude to select this skill precisely when needed.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and layers: Cloud Console SSO (SAML/OIDC), DB Console SSO (OIDC), SQL/Cluster SSO (JWT or LDAP/AD), and SCIM 2.0 automated provisioning. These are highly specific capabilities with named protocols and distinct configuration targets. | 3 / 3 |
| Completeness | Clearly answers both 'what' (configures SSO and SCIM across four layers with specific protocols) and 'when' (explicit 'Use when' clause covering centralized identity management, SSO for compliance, and automating user lifecycle management). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: SSO, SAML, OIDC, SCIM, JWT, LDAP, AD, CockroachDB, identity management, user lifecycle management, provisioning, compliance. Good coverage of both high-level concepts and specific protocol names. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive — scoped specifically to CockroachDB SSO/SCIM configuration across four named layers. The combination of CockroachDB + SSO + SCIM + specific protocols creates a very clear niche that is unlikely to conflict with other skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
62%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a thorough, highly actionable skill with excellent workflow clarity, complete executable examples, and strong safety/rollback coverage. Its primary weakness is extreme verbosity — it reads more like comprehensive documentation than a concise skill file, with significant content that could be trimmed or moved to reference files. The progressive disclosure is partially implemented but the main file carries too much inline detail.
Suggestions
Move troubleshooting, safety considerations, and rollback sections into separate reference files (e.g., references/troubleshooting.md, references/rollback.md) and link from the main SKILL.md to reduce its length by ~40%.
Remove the 'When to Use This Skill' section entirely — this duplicates the frontmatter description and Claude can infer applicability from the content itself.
Eliminate the redundant Step 0 audit section — each Part already begins with a 'Check Current Configuration' step that covers the same commands.
Compress the 'Configuration Decisions' section into a simple table rather than bullet-point descriptions of each option.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~400+ lines. It includes extensive explanations Claude already knows (what SAML is, what OIDC is, what LDAP is), repeats audit/check steps redundantly (Step 0 duplicates checks in Parts 1-4), includes a lengthy 'When to Use This Skill' section that adds no actionable value, and the 'Prerequisites' and 'Configuration Decisions' sections could be dramatically compressed. The troubleshooting and safety sections, while useful, are also padded with explanations of obvious concepts. | 1 / 3 |
| Actionability | The skill provides concrete, executable SQL commands, bash commands, and specific cluster settings throughout. Code examples are copy-paste ready with clear placeholder values, and the HBA configuration examples are complete and realistic. Testing steps include actual commands to verify each configuration. | 3 / 3 |
| Workflow Clarity | The multi-step workflows are clearly sequenced with numbered steps, explicit validation/testing steps after each configuration (Parts 1-5 each end with test steps), and the safety section includes critical feedback loops like break-glass account verification. The HBA first-match-wins warning with dangerous vs safe configuration examples is an excellent validation checkpoint. Rollback procedures are comprehensive. | 3 / 3 |
| Progressive Disclosure | The skill references a bundle file (references/configuration-steps.md) for IdP-specific details, which is good progressive disclosure. However, the main SKILL.md itself is monolithic — the troubleshooting, safety considerations, and rollback sections could be split into separate reference files. The decision tree at the top helps navigation, but the sheer length of inline content undermines the overview-with-references pattern. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (619 lines); consider splitting into references/ and linking | Warning |
| Total | 10 / 11 Passed | |
84bc1e4