Skip to main content
All CollectionsIntegrations
SCIM Okta
SCIM Okta

SCIM integration with Okta

Russel Joseph Balane avatar
Written by Russel Joseph Balane
Updated over 3 years ago

Features:

  • Create Users

  • Update User

  • Attributes

  • Deactivate Users

  • Import Users

  • Import Groups

Requirements

1. Before starting to configure SCIM you have to contact support@looop.co to have it enabled for your organisation. If you follow steps 1-3 and are able to see SCIM token -- it is already enabled for you.

2. To configure Looop/Okta SCIM integration, you need to have an Admin account on Looop and an Admin account on Okta.

Configuration Instructions

1. Log in as organisation administrator.

2. Go to Account > Provisioning page and find the SCIM Integration section:

Image Looop Labs - 1) Looop Academy

3. Above your token, you’ll find a SCIM base URL

4. Go to Okta UI and find the Looop application you set up for SAML authentication

5. Open configurations settings

6.Select “Provisioning” tab:

Image Looop Labs - 1) Looop Academy

7. Select the “Integration” section on the left sidebar and set up your SCIM endpoint and token there:

Image Looop Labs - 1) Looop Academy

Keep in mind that the Url should always end with “/scim/v2”.

8. Click “Edit” and configure settings as on following screenshot:

Image Looop Labs - 1) Looop Academy

Click “Save”.

9. Configure mapped attributes for users as follows (you can request additional attributes from us if required, also you can use anything that is part of default SCIM schema, this is minimum set to have working integration with Looop):

Image Looop Labs - 1) Looop Academy

10. Click “Test API credentials” and make sure the success message appears.

11. Select “Push Groups” section on top. The list of available groups will appear, and you can select “Activate group push” in “Push Status” column for groups you want to be synced.

NOTE: This only defines if the information about the group itself and its memberships will be made available to Looop. Users who will be synced, even if based on group memberships are chosen in different section.

Image Looop Labs - 1) Looop Academy

12. You can configure what users will be synced with Looop by selecting “Assignments” section on top, it’s shared between SSO and Provisioning config, so should already be set up.

Available attributes

You can add extra attributes. On top of the SCIM spec attributes defined here https://datatracker.ietf.org/doc/html/rfc7643#section-4.1.1

Looop supports these two namespaces and these fields:

  • urn:ietf:params:scim:schemas:extension:Looop:2.0:User

  • area

  • department

  • location

  • position

  • custom_1

  • custom_2

  • custom_3

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

  • department

  • employeeNumber

  • manager

To add these attributes, put namespace into and field for example like this for manager:

Image Looop Labs - 1) Looop Academy
Did this answer your question?