Breadcrumbs

Provisioning with Okta

Setting Up Provisioning with Okta

Enpass supports automatic user provisioning through the SCIM 2.0 protocol. Connecting Okta with Enpass lets you automate user creation, license assignment, and user removal directly from your Okta admin portal.

Before you begin, make sure you have generated your SCIM connector credentials (Tenant URL and Secret Token) from the Enpass Admin Console. See Generating SCIM Connector Credentials (Step 1).

To begin, log in to the Okta Admin Portal.

Step 1: Create the Enpass SCIM Application

  1. In the Okta Admin Portal, go to Applications > Applications.

  2. Click Browse App Catalog.

  3. In the search field, enter SCIM 2.0.

  4. From the search results, select SCIM 2.0 Test App (Header Auth).

  5. Click Add Integration.

Step 2: Configure General Settings

  1. On the General Settings page.

    1. Enter the application name in the Application Label field. (Example: Enpass SCIM)

    2. Disable Application Visibility.

    3. Disable Browser plugin auto-submit.

  2. Click Next.

Step 3: Configure Sign-On Options

  1. On the Sign-On Options page:

    • Leave all settings at their default values.

  2. Click Done.

Step 4: Enable SCIM Provisioning

  1. Open the Provisioning tab.

  2. Click Configure API Integration and enable Enable API Integration.

  3. Enter your SCIM Connector Base URL (Tenant URL) and API Token (Secret Token) from Enpass Admin console.

  4. Click Test API Credentials to verify the connection.

  5. Click Save.

Step 5: Configure Provisioning Actions

  1. Under the Provisioning tab, go to To App settings.

  2. Enable the following actions:

    • Create Users

    • Update User Attributes

    • Deactivate Users

  3. Click Save.

Step 6: Assign Users and Groups

  1. Go to the Assignments tab of the application.

  2. Click Assign and select Assign to People or Assign to Groups.

  3. Select the users or groups you want to provision in Enpass and click Assign.

  4. Click Done.

Okta will automatically provision assigned users. Provisioned users appear in the Enpass Admin Console tagged with a SCIM label.

Note: Provisioned users cannot be removed manually from the Enpass Admin Console. Administrator accounts must be removed from the Admin Console manually before they can be deprovisioned via Okta. See Removing and Offboarding Users .