Configure SCIM for Okta

As part of the Okta Integration Network (OIN), Advanced Server Access can sync your users and groups from the Okta Universal Directory, which makes it easier to manage people, memberships, and roles across Advanced Server Access. Okta does this by using the System for Cross-domain Identity Management (SCIM) specification.

To enable syncing from Okta, complete the following steps: 

  1. In the Okta admin dashboard, open the Okta Advanced Server Access application and click the Provisioning tab.
  2. Click Configure API Integration.
  3. Select Enable API Integration, then click Authenticate with Okta Advanced Server Access.
  4. Enter the name of your team in the Add a Team field, then click the arrow button. The Grant Permissions window appears.
  5. Okta requests permission to manage users and groups using SCIM, and to create a service user. Enter a name for the service user in the Username field, then click Approve.
  6. Click Save when you're redirected to Okta.

Your Okta users are now directly provisioned to Advanced Server Access, and any change to a user in Okta is automatically reflected in Advanced Server Access.

Usernames in Advanced Server Access

By default, the local part of a user's Okta username is used for their server usernames in Advanced Server Access. For example, first.last is the local part of the Okta username first.last@example.com.

If a user's Okta username contains characters other than letters, numbers, dashes (-) or underscores (_), then you must create a username that contains only those characters and assign it as the user's Advanced Server Access username in Okta.

The Unix and Windows server usernames are defined in Okta as unixUserName and windowsUserName, respectively. Periods are replaced with underscores for Windows usernames. For example, the Windows username derived from first.last@example.com is first_last. Usernames are truncated to 32 characters for Unix usernames, and 20 characters for Windows usernames.

You can customize server usernames by configuring mappings for unixUserName and windowsUserName under the Provisioning tab of your Advanced Server Access instance in Okta. See Work with Okta user profiles and attributes.
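The derivation rules above can be checked against a directory export before you enable provisioning. The following is an added example, not Okta's code: it applies the default rules from this page to a constructed list of Okta usernames and reports which ones need a custom username and which would end up sharing a server username after substitution or truncation. The function names and the sample list are hypothetical, and it assumes a period in the local part is tolerated, as in the first.last example.

```python
import re
from collections import defaultdict

UNIX_MAX, WINDOWS_MAX = 32, 20  # truncation limits stated on this page
# Assumption: a period is tolerated in the local part, as in the page's
# first.last example; anything else outside letters, digits, "-" and "_"
# needs a custom username.
ALLOWED = re.compile(r"[A-Za-z0-9._-]+")


def derive(okta_username):
    """Return (unix_name, windows_name), or None if a custom username is required."""
    local = okta_username.split("@", 1)[0]
    if not ALLOWED.fullmatch(local):
        return None
    return local[:UNIX_MAX], local.replace(".", "_")[:WINDOWS_MAX]


def audit(okta_usernames):
    """Group Okta usernames that need a custom mapping or share a derived name."""
    needs_custom, unix, windows = [], defaultdict(list), defaultdict(list)
    for name in okta_usernames:
        derived = derive(name)
        if derived is None:
            needs_custom.append(name)
            continue
        unix[derived[0]].append(name)
        windows[derived[1]].append(name)
    return {
        "needs_custom": needs_custom,
        "unix_collisions": {k: v for k, v in unix.items() if len(v) > 1},
        "windows_collisions": {k: v for k, v in windows.items() if len(v) > 1},
    }


# Constructed sample directory export (not real accounts).
SAMPLE = [
    "first.last@example.com",
    "first_last@example.com",
    "o'brien@example.com",
    "alexandria.montgomery-smith@example.com",
    "alexandria.montgomery-smythe@example.com",
]

if __name__ == "__main__":
    for section, found in audit(SAMPLE).items():
        print(section, found)
```

Any username reported under needs_custom or in a collision group is a candidate for an explicit unixUserName or windowsUserName mapping.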

Next steps