SCIM Setup

SCIM setup instructions for Okta

Written by Hunter Braun

Follow these steps to set up SCIM for Okta after completing the steps in Kolide's Okta SAML / SSO Setup document.

Log in to your Okta account. Make sure your Okta user has super administrator permissions, or you won't have access to modify provisioning settings.

In the left sidebar, select "Applications" then click the "Applications" link in the expanded section. Find the application you configured for Kolide and click on it.

You should now be in the "General" tab. Click the "Edit" link in the "App Settings" section.

Under "Provisioning", select "SCIM", then click "Save".

You should now have a new "Provisioning" tab. Click it, then click "Edit" to the right of "SCIM Connection".

You'll need some values from Kolide for this form, so sign in to your Kolide account, go to Settings and click "Single Sign-On", then "SCIM Settings" in the left sidebar.

Copy the value from the "SCIM Connector Base URL" field in Kolide and paste it into the "SCIM connector base URL" field in Okta, then copy the value from the "Unique Identifier Field For Users" field in Kolide and paste it into the "Unique identifier field for users" field in Okta.

Next, tick the boxes for "Push New Users", "Push Profile Updates", and "Push Groups" under "Supported provisioning actions".

Now, select "HTTP Header" as the "Authentication Mode" in Okta, and click the "Generate Authorization Bearer Token" button in Kolide. Copy the newly generated bearer token and paste it into the "Bearer" field in Okta.

Click "Test Connector Configuration", and you should see a new window that says "Connector configured successfully".

Click "Close" in the modal, then click "Save" on the form.

You should now be back in the "Provisioning" tab in Okta under the "To App" settings. Click the "Edit" button to the right of "Provisioning to App".

Tick the "Enable" boxes for "Create Users" and "Update User Attributes", then click "Save".

Back in Kolide, head to the "Authentication & Provisioning" section in settings and select "SCIM-Based User Provisioning" under "User Provisioning Methods", then click "Save Changes".

In Okta, go back to the "Assignments" tab and click "Provision User".

In the modal, click "OK".

This is needed because your user was assigned to the Okta app before provisioning was enabled.

Go to the "Push Groups" tab in Okta, then click the "Push Groups" button in the top left, then select "Find groups by name".

Enter the name of the group you'd like to push to Kolide, then click "Save".

Your groups should automatically start syncing to Kolide!
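
The base URL and bearer token entered in the steps above can also be checked outside Okta. The following is an added example, not Kolide's or Okta's own code: it builds the kind of request that "HTTP Header" mode implies (an `Authorization: Bearer` header) and classifies the reply. It assumes the Kolide endpoint follows RFC 7644 (a `/Users` resource that returns a SCIM ListResponse); the environment variable names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.request

# RFC 7644 schema URN carried by every SCIM list/query response
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def build_probe(base_url, token):
    """Build a one-result user query authenticated with the bearer token."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    url = base_url.rstrip("/") + "/Users?count=1"  # assumed RFC 7644 endpoint
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/scim+json",
    })


def classify(status, body):
    """Turn an HTTP status and response body into a short verdict."""
    if status in (401, 403):
        return "rejected: the bearer token was not accepted"
    if status != 200:
        return "unexpected HTTP status %d" % status
    try:
        doc = json.loads(body)
    except ValueError:
        return "not JSON: the base URL is probably wrong"
    schemas = doc.get("schemas") if isinstance(doc, dict) else None
    if not isinstance(schemas, list) or LIST_SCHEMA not in schemas:
        return "JSON but not a SCIM ListResponse: check the base URL"
    return "ok: SCIM endpoint accepted the token"


def probe(base_url, token):
    """Send the probe and classify the reply (needs network access)."""
    try:
        with urllib.request.urlopen(build_probe(base_url, token), timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())


if __name__ == "__main__":
    # Hypothetical variable names; reading the token from the environment
    # keeps it out of shell history and process listings.
    print(probe(os.environ["SCIM_BASE_URL"], os.environ["SCIM_BEARER_TOKEN"]))
```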
