Setup SCIM in Okta

This documentation provides a step-by-step guide to setting up automatic user provisioning with Okta. You’ll have to create and configure a new application based on the SCIM protocol.

To do so, you will need to log in to your Okta, and you also need to log in to your company RandomCoffee subscription to execute specific actions in the Admin Center.

  1. Create a new application

  2. In Applications, select Browse App Catalog.

  3. Select SCIM 2.0 Test App (Header Auth)

    ℹ️ You must have SSO configured before enabling SCIM for your RandomCoffee team.
  4. Change the application label (e.g. RandomCoffee SCIM) so that you can identify this application later and press Next.

  5. In the newly created application, select the Provisioning tab and enable the feature by clicking on Configure API integration.

  6. Click Enable API integration.

  7. For the next step, you have to provide the URL and Token provided by RandomCoffee. Go to the RandomCoffee Admin Center, open Settings, and click Enable in the Provisioning section.

  8. Copy API credentials (Base URL and API Token) to Okta and select Test API Credentials.

    ℹ️ Add "Bearer " as the prefix to your API token (”Bearer XXXXXXXX”)

  9. If the entered API credentials are correct, then a success message is displayed, and you should select Save.

  10. On the Provisioning tab, select To App in Settings and Enable Create Users, Update User Attributes, and Deactivate Users. Then press Save.

  11. Scroll down to attribute mappings, and leave at least the following mappings: Username, Given name, Family name, and Primary email.

Technical considerations when using RandomCoffee's provisioning integration

  • Newly provisioned users will be automatically assigned to the non-admin role. You can grant Admin Role in RandomCoffee Admin Center.

  • In case you change the status of SCIM managed user to Inactive on the RandomCoffee Admin Center UI, it won’t affect their ‘active' attribute in your provisioning application.

  • User information can’t be changed on the Admin Center UI.

Last updated