SCIM Setup in Okta

Configure SCIM provisioning in Okta to enable seamless and automated user management across your applications.

Prerequisites

Before you start, do the following:

Configuring User Provisioning

Follow these steps:

  1. In the Okta admin dashboard, in the Applications section, select the SSO application for LeanIX.

  2. On the General tab, in the App Settings section, click Edit, then select SCIM against Provisioning. Save the changes.

    Selecting the "SCIM" Option for Provisioning in Okta

    Selecting the SCIM Option for Provisioning in Okta

  3. If you've previously created the role attribute, in the Profile Editor section, delete the attribute and then recreate it with the following External namespace value. Save the changes. The update might take some time. To verify that the property update has been completed, check a sample user assignment for their role inheritance.

    urn:ietf:params:scim:schemas:extension:workspacePermission:2.0:User
    
    Creating the "role" Attribute

    Creating the "role" Attribute

  4. On the SSO application page, navigate to the Provisioning tab. In the Integration section, click Edit against SCIM Connection and specify the following details. Save the changes.

    ParameterValue
    SCIM connector base URLhttps://{SUBDOMAIN}.leanix.net/services/mtm/v1/scim/v2
    Unique identifier field for usersuserName
    Supported provisioning actions- Import New Users and Profile Updates
    - Push New Users
    - Push Profile Updates
    Authentication ModeHTTP Header
    AuthorizationLong-lived access token that you obtained
    Configuring SCIM Connection Settings

    Configuring SCIM Connection Settings

  5. On the Provisioning tab, in the To App section, enable the following options:

    • Create Users
    • Update User Attributes
    • Deactivate Users

    Save the changes.

    Configuring Provisioning to App Settings

    Configuring Provisioning to App Settings

  6. To configure attribute mappings, scroll down to the Attribute Mappings section. The following attributes are mandatory for SCIM:

    • Username
    • Given name
    • Family name
    • Email
    • Primary email type
    • role: This attribute is only relevant for customers using an external IdP for SSO.
    Configuring Attribute Mappings for SCIM

    Configuring Attribute Mappings for SCIM

SCIM with Okta is set up. User states should be synchronized between the systems.