SCIM Configuration with Okta

Updated 3 months ago by Andrew White

Before you can configure provisioning for askSpoke, make sure you have configured SAML in askSpoke (Settings > Integrations > SSO > SAML). SAML and SCIM are only available on askSpoke’s Plus plan.

The following provisioning features are supported:

  • Push new users
    • New users created through Okta will also be created in askSpoke
  • Import new users
    • New users created askSpoke application can be imported into Okta.
  • Map specific attributes
    • Attributes that live at the user level can be mapped from Okta to askSpoke
  • Push profile updates
    • Updates made to the user’s profile through Okta will be pushed to askSpoke
    • Both invited and active users can be updated
  • Push user deactivation
    • Deactivating the user in Okta will deactivate the user in askSpoke
      • Note: for this application, deactivating a user means removing the user’s account
      • Both invited and active users can be deactivated

askSpoke API token

To turn on SCIM, log into askSpoke. You will need to be an askSpoke admin to make these changes.

  1. Navigate to Settings
  2. Click the Integrations tab
  3. Scroll to the SCIM card and click Connect

Confirm you'd like to Enable SCIM to reveal the API token.

Copy the API token to the clipboard. You will need to paste this into Okta.

Okta configuration

Log into Okta, and navigate to "Applications" to search your active applications for "askSpoke"

  1. Click the "Provisioning" tab
  2. select "API Integration" from the left menu.
  3. Click "Configure API integration"
  4. Click the "Enable API Integration" checkbox
  5. Paste the API Token copied in Section 1 into this field
  6. Click Save

Provisioning features

Click the "To App" tab on the left menu. Select the provisioning features you wish to enable, and select Save.

  • Create Users: Enable this if you would like to create or link a user when assigning the app to a user in Okta
  • Update User Attributes: Enable this if you would like Okta to update user profiles in askSpoke. If this is enabled, Okta will overwrite user details in askSpoke.
  • Deactivate Users: Enable this if you would like a user's askSpoke account to be deactivated when it is unassigned in Okta, or when their Okta account is deactivated.

SCIM can be used to update the following attributes
  • Display name
  • Job title
  • Email
  • Joined teams
  • Manager name
  • Manager email
  • Employee Type
  • Location
  • Department
  • Start Date

Assigning the app

Select the "Assignments" menu on the right side.

Make sure to assign the app to yourself first.

From the Assignments menu, select "Assign" then choose "Assign to People" or "Assign to Group"

Choose the people or groups you'd like to assign by selecting the "Assign" button on the right side.

Select "Save and Go Back"


Navigate back to askSpoke and check the user's profile to make sure that the user you assigned was updated. You will see the user you just added to Okta created as a user in askSpoke.

You can also navigate to the Integrations tab and click the SCIM Card. If SCIM is connected properly, you will just see the option to disable SCIM.

Mapping user attributes

To configure and map specific attributes from Okta to askSpoke

  1. Navigate to Users
  2. Select Profile Editor
  3. Click Mappings next to Applications

How did we do?

Powered by HelpDocs (opens in a new tab)