Configure SCIM for Okta

As part of the Okta Integration Network (OIN), Advanced Server Access can sync your users and groups from the Okta Universal Directory, which makes it easier to manage people, memberships, and roles across Advanced Server Access. Okta does this by using the System for Cross-domain Identity Management (SCIM) specification.

To enable syncing from Okta, complete the following steps: 

  1. In the Okta admin dashboard, open the Okta Advanced Server Access application and click the Provisioning tab.

  2. Click Configure API Integration.
  3. Select Enable API Integration, then click Authenticate with Okta Advanced Server Access.

  4. Enter the name of your team in the Add a Team field, then click the arrow button. The Grant Permissions window appears.

  5. Okta requests permission to manage users and groups using SCIM, and to create a service user. Enter a name for the service user in the Username field, then click Approve.

  6. Click Save when you're redirected to Okta.

Your Okta users are now directly provisioned to Advanced Server Access, and any change to a user in Okta is automatically reflected in Advanced Server Access.

Note: By default, the prefix of a username (for example, first.last is the prefix for the user first.last@example.com) is used for server usernames in Advanced Server Access. The Unix and Windows server usernames are defined in Okta as unixUserName and windowsUserName, respectively. Periods are replaced with underscores for Windows usernames, so windowsUserName for first.last@example.com is first_last. Usernames are truncated to 32 characters for Unix, and 20 characters for Windows. You can customize server usernames by configuring mappings for unixUserName and windowsUserName under the Provisioning tab for your Advanced Server Access instance in Okta. See Work with Okta user profiles and attributes.
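Because the default mapping in the note drops the domain, replaces periods, and truncates, two different Okta users can end up with the same server username. The following is an added example, not Okta's code: it models the defaults as the note states them and reports any collisions before you enable provisioning. The function names and the sample logins are constructed for illustration.

```python
from collections import defaultdict

UNIX_MAX = 32      # Unix truncation length stated in the note
WINDOWS_MAX = 20   # Windows truncation length stated in the note


def default_server_usernames(okta_username):
    """Return (unixUserName, windowsUserName) using the defaults in the note."""
    prefix = okta_username.split("@", 1)[0]
    unix_name = prefix[:UNIX_MAX]
    windows_name = prefix.replace(".", "_")[:WINDOWS_MAX]
    return unix_name, windows_name


def find_collisions(okta_usernames):
    """Report derived server usernames that more than one Okta user maps to."""
    seen = {"unixUserName": defaultdict(set), "windowsUserName": defaultdict(set)}
    for login in okta_usernames:
        unix_name, windows_name = default_server_usernames(login)
        seen["unixUserName"][unix_name].add(login)
        seen["windowsUserName"][windows_name].add(login)
    return {
        attr: {name: sorted(logins) for name, logins in names.items() if len(logins) > 1}
        for attr, names in seen.items()
    }


# Constructed sample logins, not taken from any real directory.
SAMPLE_LOGINS = [
    "first.last@example.com",
    "first_last@example.com",                    # same Windows name after '.' -> '_'
    "alexandria.montgomery-smith@example.com",
    "alexandria.montgomery-smythe@example.com",  # same first 20 characters
    "jo.admin@example.com",
]

if __name__ == "__main__":
    for attr, names in find_collisions(SAMPLE_LOGINS).items():
        for name, logins in names.items():
            print(f"{attr} {name!r} is shared by: {', '.join(logins)}")
```

Any login the check reports is a candidate for a custom unixUserName or windowsUserName mapping under the Provisioning tab.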

Next steps