B2B Saas Authentication

/

Guides

/

Authorization & Provisioning

/

SCIM

/

Integration Guides

/

Using Okta

Setting up SCIM with Okta

SCIM requests are sent from a workforce IdP to Stytch, so the first step is to create a test instance with a popular workforce IdP like Okta.

Adding SCIM to SAML app

1
Enable SCIM provisioning for app

If you already have an existing SAML application in Okta, you can enable SCIM provisioning for this application by navigating to the General tab of the application and checking “Enable SCIM Provisioning” under the app settings.

Enable SCIM for an existing Okta SAML App

Save this change.

2
Create SCIM Connection in Stytch

Create a SCIM Connection in Stytch (using the dashboard or the Create SCIM Connection API) with okta as the IdP.

Create SCIM Connection in Stytch Dashboard

Click save and you'll create a SCIM Connection with a Base URL and Bearer Token.

Stytch Okta SCIM Connection Credentials

Leave this tab open and navigate back to Okta to input the returned credentials.

3
Configure Okta SCIM settings

Navigate to the new “Provisioning” tab in the application view of Okta. Edit the SCIM Connection settings and change the Authentication mode to HTTP Header. Copy the Stytch SCIM Connection BaseURL into the “SCIM connector base URL” field and copy the returned HTTP Bearer Token into the HTTP Header Authorization Bearer Token field.

Set the Unique identifier to userName and select all Push provisioning actions.

Your connection settings should look as follows:

Expected SCIM Configuration for existing SAML App

Save.

4
Provision users

Once saved, you can test the SCIM integration by Assigning/Removing people from the application and seeing these changes propagate to your Stytch Member records. You can also configure Webhooks to receive notifications in your system when changes occur.

5
(Optional) Configure webhooks

To notify your own system of changes that occur via SCIM, you can configure webhooks.

Standalone SCIM app

1
Create SCIM app

If you haven’t already configured a SAML application, you can create a standalone SCIM Application by navigating to Applications → Browse App Catalog and searching for “SCIM 2.0 Header Auth” and selecting the following application.

Search App Catalog for SCIM

You will be prompted to name your application

Name your standalone SCIM app

2
Update SCIM configuration settings

On the Sign-on Options tab scroll to the bottom, and under Credential Details change the application username format to use email.

Use email for username in SCIM app

You can then save the application and navigate to the Provisioning tab and click Configure API Integration.

3
Create Stytch SCIM Connection

Create a new SCIM Connection in Stytch in the dashboard with okta as the IdP. by navigating to Organizations then clicking your desired Organization and configuring the connection in the Configure SCIM Connection section.

Create SCIM Connection in Stytch DashboardStytch Okta SCIM Connection Credentials

4
Input SCIM credentials into Okta

Back in the Okta admin dashboard, input the returned BaseURL and set the API Token to Bearer ${returned_bearer_token}.

Stand alone SCIM app credentials

You will then be able to select which actions to send via SCIM.

Enable SCIM actions to send from Okta

5
Provision users

Once saved, you can test the SCIM integration by Assigning/Removing people from the application and seeing these changes propagate to your Stytch Member records. To notify your own system of changes that occur via SCIM, you can configure webhooks.

6
(Optional) Configure webhooks

To notify your own system of changes that occur via SCIM, you can configure webhooks.

Adding SCIM to SAML app

1.

Enable SCIM provisioning for app

2.

Create SCIM Connection in Stytch

3.

Configure Okta SCIM settings

4.

Provision users

5.

(Optional) Configure webhooks

Standalone SCIM app

1.

Create SCIM app

2.

Update SCIM configuration settings

3.

Create Stytch SCIM Connection

4.

Input SCIM credentials into Okta

5.

Provision users

6.

(Optional) Configure webhooks