SCIM Configuration Guide for Okta

To enable SCIM, you first need an existing application in Okta. If you haven't created an application yet, please follow these instructions.

After creating the application for the Okta SCIM connection, follow these steps:

1. Log in to your Okta account and navigate to Applications > Applications. Alternatively, you can visit the following path: /admin/apps/active on your Okta project base URL to view the list of existing applications.
   
   
   

2. In the list, find and click on your application.

3. In the General tab, click Edit, check the Enable SCIM provisioning checkbox, and click the Save button.
   
   

4. Open the Sign On tab and click the Edit button. In the Credential Details section, select Custom as the Application username format and enter the user.email in the expression input that has been shown. Then click the Save button.
   
   
   
   
   
   

5. Select the Provisioning tab. If it hasn’t been added to your application, refresh the page, then click the Edit button.
   

6. Fill in the SCIM Connector Base URL with the SCIM endpoint base URL from the SAML Single Sign-On page.

7. Enter userName in the Unique Identifier field for user input.

8. Check the Push New Users and Push Profile Updates checkboxes.

9. Select HTTP Header from the Authentication Mode dropdown.

10. Use the token you created with the Manage Users with SCIM scope to populate the Authorization field.

11. Click the Test connection button
    

12. If everything has been configured correctly according to the manual, the “Connector configured successfully” message will appear.
    
    

13. Click the Close button, then click the Save button to persist the configurations.
    

6. After saving the connection information, you'll see the To App menu in the left pane of the Provisioning tab. Click on it, then click the Edit button at the top of the page. Check the Enable checkboxes for Create Users, Update User Attributes, and Deactivate Users to reflect all of your actions in PowerDMARC.
   

7. Scroll to the end of the To App menu, where SCIM2 Attribute Mappings is located, and in the Attributes section, delete all deletable records except the Display Name field by clicking the x icon next to each record.
   
   

8. In the left pane, go to Directory > Profile Editor (accessible at the path: /admin/universaldirectory).
   

9. In the list, find and click on your application.
   
   
   

10. Given Name and Family Name are required by default. Open these two records by clicking the pen icon, uncheck the Attribute Required checkbox, then click Save Attribute to persist the changes.
    
    
    
    
    
    

Okta guide For UAT:

Instructions to configure the user type attribute as required in Okta Profile Editor and set up provisioning mappings for successful user create/update (including delete and re-add scenarios) in your app.
Profile Editor Setup:

1. Navigate to Directory > Profile Editor in the Okta Admin Console.
2. Click on your app’s profile.
3. Click Mappings, then Configure User mappings (select Okta User to App tab).
4. Locate the userType (or user type) attribute in the app profile, edit it, and set it as required (toggle to Yes).
5. Save mappings and apply updates.
6. Provisioning Configuration
       •    Go to Applications > Your App > Provisioning tab.
       •    Find User type attribute and click Edit.
       •    Set Map from Okta Profile, select userType from the dropdown.
       •    Check Apply on Create and Apply on Update.
       •    Click Save.
7. Your Final Mapping should be as shown below

From now on, users who have been assigned to this application will be sent to PowerDMARC.