Skip to main content

Configure SCIM in Okta

After creating your integration in the NetFoundry console, follow these steps to configure Okta to act as the SCIM client.

Part 1: Add the SCIM application

  1. In the Okta Admin Console, navigate to Applications > Applications.
  2. Click Browse App Catalog.
  3. Search for SCIM and select SCIM 2.0 Test App (OAuth Bearer Token).
  4. Click Add Integration.
  5. Provide an Application label and click Next.
  6. Configure your sign-on options and click Done.

Part 2: Configure the API connection

  1. Click the Provisioning tab.
  2. Click Configure API Integration.
  3. Select Enable API integration.
  4. Enter your SCIM 2.0 Base Url and OAuth Bearer Token from the NetFoundry console.
  5. If you intend to manage attributes via groups, select Import Groups.
  6. Click Test API Credentials, then click Save.

Part 3: Enable provisioning features

  1. On the Provisioning tab, select To App from the left sidebar.

  2. Click Edit.

  3. Select Enable for these features:

    • Create Users
    • Update User Attributes
    • Deactivate Users

  4. Click Save.

Part 4: Push groups for attributes

Okta doesn't automatically push groups to the SCIM server when they're assigned to an app. To use groups for Ziti attributes, you must push them manually.

  1. Navigate to the Push Groups tab.
  2. Click the Push Groups button and select Find groups by name.
  3. Search for the group you want to use and select Push group memberships immediately.
  4. Click Save.
note
  • User deactivation: When a user is unassigned in Okta, the corresponding identity in NetFoundry is marked as disabled.
  • Assignment conversion: If a user was originally assigned to the application individually but is later added as part of a group, click Convert assignments to ensure they inherit group-based attributes.