Skip to content
Scalekit Docs

Okta Directory

This guide is designed to help administrators seamlessly sync their Okta Directory with an application they want to onboard to their organization. By integrating your application with Okta, you can automate user management tasks and ensure that access rights are consistently up-to-date.

This registration sets up the following:

  1. Endpoint: This is the URL where Okta will send requests to the app you are onboarding. It acts as a communication point between Okta and your application.
  2. Bearer Token: This token is used by Okta to authenticate its requests to the endpoint. It ensures that the requests are secure and authorized.

By setting up these components, you enable seamless synchronization between your application and the Okta directory.

  1. Create an endpoint and API token

    Section titled “Create an endpoint and API token”

    Open the Admin Portal from the app being onboarded and select the “Directory Sync” tab. A list of Directory Providers will be displayed. Choose “Okta” as your Directory Provider. If the Admin Portal is not accessible from the app, request instructions from the app owner.

    Okta SCIM

    Okta directory sync setup: Endpoint URL and one-time visible bearer token provided.

    After selecting “Okta,” click “Configure.” This action will generate an Endpoint URL and Bearer token for your organization, allowing the app to listen to events and maintain synchronization with your organization.

  2. Add a new application in Okta

    Section titled “Add a new application in Okta”

    Log in to the Okta admin dashboard and navigate to “Applications” in the main menu.

    Okta app catalog: SCIM 2.0 Test App integration options displayed.

    If you haven’t previously created a SCIM application in Okta, select “Browse App Catalog.” Otherwise, choose it from your existing list of applications. In the Okta Application dashboard, search for “SCIM 2.0 Test App (OAuth Bearer Token)” and select the corresponding result.

    Click “Add Integration” on the subsequent page.

    Adding SCIM 2.0 Test App integration in Okta for app being onboarded

    Provide a descriptive name for the app, then proceed by clicking “Next.”

    Naming the app 'Hero SaaS' during SCIM 2.0 Test App integration in Okta.

    The default configuration is typically sufficient for most applications. However, if your directory requires additional settings, such as Attribute Statements, configure these on the Sign-On Options page. Complete the application creation process by clicking “Done.”

  3. Enable sending and receiving events in provisioning settings

    Section titled “Enable sending and receiving events in provisioning settings”

    In your application’s Enterprise Okta admin panel, navigate to the “Provisioning” tab and select “Configure API Integration.”

    Enabling API Integration in Okta for app being onboarded.

    Copy the Endpoint URL and Bearer Token from your Admin Portal and paste them into the SCIM 2.0 Base URL field and OAuth Bearer Token field, respectively. Verify the configuration by clicking “Test API Credentials,” then save the settings.

    Verifying SCIM credentials for Hero SaaS integration in Okta

    Give provisioning permissions to the API integration. This is necessary to allow Okta to send and receive events to the app. Upon successful configuration, the Provisioning tab will display a new set of options. These options will be utilized to complete the provisioning process for your application.

    Saving verified SCIM API integration settings for Hero SaaS in Okta

  4. Configure provisioning options

    Section titled “Configure provisioning options”

    In the “To App” navigation section, enable the following options:

    • Create Users
    • Update User Attributes
    • Deactivate Users

    Granting provisioning permissions to Hero SaaS app in Okta SCIM integration

    After enabling these options, click “Save” to apply the changes. These settings allow Okta to perform user provisioning actions in your application, including creating new user accounts, updating existing user information, and deactivating user accounts when necessary.

  5. Assign users and groups

    Section titled “Assign users and groups”

    Assigning users to Hero SaaS in Okta: Options to assign to individuals or groups

    To assign users to the SAML Application:

    1. Navigate to the “Assignments” tab.
    2. From the “Assign” dropdown, select “Assign to People.”
    3. Choose the users you want to provision and click “Assign.”
    4. A form will open for each user. Review and populate the user’s metadata fields.
    5. Scroll to the bottom and click “Save and Go Back.”
    6. Repeat this process for all users, then select “Done.” Assigning users to Hero SaaS in Okta: Selecting individuals for access

  6. Push groups and sync group membership

    Section titled “Push groups and sync group membership”

    To push groups and sync group membership:

    1. Navigate to the “Push Groups” tab.
    2. From the “Push Groups” dropdown, select “Find groups by name.”
    3. Search for and select the group you want to push.
    4. Ensure the “Push Immediately” box is checked.
    5. Click “Save.”

    Pushing group memberships to SCIM 2.0 Test App: Configuring the 'Avengers' group in Okta

  7. Group based Role Assignment Configuration

    Section titled “Group based Role Assignment Configuration”

    To automatically assign roles to users based on their group membership, configure appropriate group to role mapping in the SCIM Configuration Portal. Pushing group memberships to SCIM 2.0 Test App: Configuring the 'Avengers' group in Okta

  8. Verify successful connection

    Section titled “Verify successful connection”

    After completing these steps, verify that the users and groups are successfully synced by visiting Users and Groups tab in the Admin Portal.

    Verification Process