Version: 3.9.x

Configure SCIM Provisioning with Okta

Okta is a cloud-based identity and access management platform that provides secure authentication and user management for applications. By integrating Okta with API7 Enterprise using SCIM (System for Cross-domain Identity Management), you can automatically synchronize user accounts from Okta to the API7 Dashboard, eliminating manual user management and ensuring consistent access control.

This guide walks you through configuring SCIM provisioning between Okta and API7 Enterprise.

Prerequisites

Install API7 Enterprise.
Have an Okta account with admin privileges.

Create a SCIM App in Okta

Search for SCIM Integration

Log in to the Okta Admin Console.
Navigate to Applications > Applications from the side navigation.
Click Browse App Catalog.
Search for SCIM in the search bar.
Select SCIM 2.0 Test App (Header Auth) from the search results.

Add the Integration

Click Add Integration to add the SCIM test app to your Okta organization.

Add SCIM integration

Configure General Settings

In the General Settings tab, configure the application name and other settings as needed.

Configure general settings

Configure Sign-On Options

In the Sign-On Options tab, select Secure Web Authentication (SWA) as the sign-on method. (You can also choose the appropriate sign-on methods based on your needs, such as SAML 2.0.)

Select sign-on options

Click Done to save the application.

Save to add the application

Enable SCIM in API7 Dashboard

Log in to the API7 Dashboard with an admin account.
Select Organization from the top navigation bar, then choose Settings.

Dashboard settings

Enable SCIM Provisioning.

Enable SCIM provisioning

Copy the API7 SCIM Endpoint URL and SCIM Token. You will need these values to configure the Okta integration.

Copy SCIM URL and token

Configure SCIM Integration in Okta

Configure API Integration

Return to the Okta Admin Console and navigate to your SCIM application.
Select the Provisioning tab.

Select provisioning tab

Click Configure API Integration.
Check Enable API Integration.
Enter the SCIM 2.0 Base URL copied from the API7 Dashboard.
In the API Token field, enter Bearer <your_token>. Replace <your_token> with the SCIM Token copied from the API7 Dashboard.

note

Make sure to include a space after Bearer.

Click Test API Credentials to verify the connection, then click Save.

Configure API integration

Enable Provisioning Features

In the Provisioning tab, select To App from the left panel.
Click Edit to modify the provisioning settings.

Edit provisioning settings

Enable Create Users, Update User Attributes, and Deactivate Users as needed.
Click Save to apply the changes.

Enable create users

Assign Users to the Application

In the SCIM application, select the Assignments tab.
Click Assign and select Assign to People.

Assign to people

Select the users you want to provision to API7 Enterprise.

Select people to assign

Click Assign for each selected user, then click Done.

Save selection

Verify that the users are assigned to the application.

Check assigned users

Verify User Provisioning

Return to the API7 Dashboard.
Select Organization from the top navigation bar, then choose Users.
Verify that the users assigned in Okta have been provisioned to the API7 Dashboard.

Verify users in Dashboard

Additional Resources

Key Concepts
- Roles and Permission Policies
Getting Started
- Update User Roles
- Create Custom Role
Best Practices
- Dashboard SSO using LDAP
- Configure Dashboard SSO with Microsoft Entra ID

Prerequisites​

Create a SCIM App in Okta​

Search for SCIM Integration​

Add the Integration​

Configure General Settings​

Configure Sign-On Options​

Enable SCIM in API7 Dashboard​

Configure SCIM Integration in Okta​

Configure API Integration​

Enable Provisioning Features​

Assign Users to the Application​

Verify User Provisioning​

Additional Resources​