Skip to content
Veraproof Veraproof Docs

Okta SCIM Configuration

Okta SCIM Configuration

This guide covers how to configure SCIM provisioning in Okta for your Scimify integrations.

Prerequisites

  • Access to your Okta admin console
  • A Scimify account with at least one integration instance configured
  • The SCIM Base URL and API key from your Scimify admin console

Configuration Steps

1. Add the Veraproof Scimify App

  1. Login to your Okta admin dashboard
  2. Navigate to Applications > Applications
  3. Click Browse App Catalog and search for the Veraproof Scimify application
  4. Click the Add Integration button

2. Configure the SCIM Base URL

  1. In the Okta app configuration, locate the “Scimify Base URL” field
  2. Copy the SCIM Base URL from your Scimify admin console (found on the Integrations page)
  3. Paste the URL into the Okta app configuration

3. Configure the Provisioning API Key

  1. Generate a SCIM API key from an integration instance in your Scimify admin console
  2. Copy the API key
  3. Add it to the “Provisioning API key” field in the Okta app configuration
  4. Click Test API Credentials and if successful, click Save
  5. Once provisioning is enabled, turn on Create Users, Update User Attributes, and Deactivate users

4. Assign Users and Push Groups

  1. Configure user assignments in Okta
  2. Configure group push settings to push IdP groups to the Okta app
  3. Ensure members of push groups are also assigned to the Veraproof Scimify Okta app

Important Note: Members of push groups will only be pushed if those users are also assigned to the Veraproof Scimify Okta app. Either assign the push group under the assignments tab or create a dedicated assignments group (preferred to avoid SCIM race conditions within Okta).

Supported Okta SCIM Features

The following features are supported, but availability depends on the app integration type (group only, user only, user & group) as well as limitations within the SaaS app:

  • Create users
  • Update user attributes
  • Deactivate users
  • Import users
  • Import groups
  • Group push

The following profile attributes are supported:

  • Username
  • Given name
  • Family name
  • Email
  • Title
  • Display name

Note: Some scimify integrations support custom attributes to manage roles and permissions. These custom attributes will be documented under the integration specific guides.

Authentication

Your IdP should use HTTP header authentication with:

Authorization: Bearer <SCIM_API_KEY>

Need Help?

If you encounter any issues during configuration, please contact support@veraproof.io for assistance.