Skip to main content
Version: 3.9.x

SCIM Provisioning with Okta

Okta can provision users into API7 Gateway by using SCIM (System for Cross-domain Identity Management). This lets you synchronize users from your identity provider to the API7 Dashboard automatically.

Prerequisites

Before you begin, ensure you have:

  • API7 Gateway is installed and the Dashboard is accessible.
  • You have an Okta account with administrative privileges.
  • You have a user account in API7 Gateway with permission to manage organization settings.

Step 1: Create a SCIM Application in Okta

Search for the SCIM integration

  1. Log in to the Okta Admin Console.
  2. Go to Applications -> Applications.
  3. Click Browse App Catalog.
  4. Search for SCIM.
  5. Select SCIM 2.0 Test App (Header Auth).

Search for SCIM integration in Okta

Add the integration

  1. Click Add Integration.

Add SCIM integration

Configure general settings

  1. In the General Settings tab, configure the application name and other settings as needed.

Configure general settings

Configure sign-on options

  1. In the Sign-On Options tab, select Secure Web Authentication (SWA) as the sign-on method.
  2. Click Done to save the application.

Select sign-on options

Step 2: Enable SCIM in API7 Gateway

  1. Log in to the API7 Dashboard with an administrative account.
  2. Go to Organization -> Settings.
  3. Enable SCIM Provisioning.
  4. Copy the API7 SCIM Endpoint URL and SCIM Token.

Dashboard settings

Enable SCIM provisioning

Copy SCIM URL and token

Step 3: Configure the Okta API Integration

  1. Return to the Okta Admin Console and open the SCIM application.
  2. Select the Provisioning tab.
  3. Click Configure API Integration.
  4. Check Enable API Integration.
  5. In SCIM 2.0 Base URL, enter the SCIM endpoint copied from API7 Gateway.
  6. In API Token, enter Bearer <your_token> using the SCIM token copied from API7 Gateway.
  7. Click Test API Credentials to verify the connection.
  8. Click Save.
note

Make sure there is a space after Bearer.

Select provisioning tab

Configure API integration

Step 4: Enable Provisioning Features in Okta

  1. In the Provisioning tab, select To App.
  2. Click Edit.
  3. Enable the provisioning features you need:
    • Create Users
    • Update User Attributes
    • Deactivate Users
  4. Click Save.

Edit provisioning settings

Enable create users

Step 5: Assign Users in Okta

  1. Open the Assignments tab of the SCIM application.
  2. Click Assign and select Assign to People.
  3. Select the users you want to provision into API7 Gateway.
  4. Click Assign for each selected user, then click Done.

Assign to people

Select people to assign

Save selection

Step 6: Verify User Provisioning

  1. Return to the API7 Dashboard.
  2. Go to Organization -> Users.
  3. Confirm that the users assigned in Okta have been provisioned to API7 Gateway.

SCIM provisions the user accounts, but role assignments are still governed by API7 Gateway RBAC. If you also configure Dashboard SSO role mapping, user roles can be refreshed during login based on your SSO mapping rules.

Verify users in Dashboard

Next Steps

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation