> For the complete documentation index, see [llms.txt](https://docs.datasaur.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.datasaur.ai/integrations/scim/okta.md).

# Okta

This guide assumes that you have already enabled SCIM in the Datasaur app and want to use Okta as the identity provider for both SAML and SCIM integration.

## Integrate SCIM 2.0 on Okta

### Enable SCIM provisioning

Start by enabling SCIM provisioning for your existing app that is already configured with SAML.

1. Open your existing app in Okta.
2. Go to **Settings**. The **General** tab opens by default.
3. Enable the **Enable SCIM provisioning** option.
4. **Save** the changes.

<figure><img src="/files/2maeZBbkO3zAGQXRsgIg" alt=""><figcaption><p>Enable SCIM Provisioning</p></figcaption></figure>

### Configure the settings

After enabling SCIM provisioning, go to the **Provisioning** tab.

The sidebar contains the following sections:

* To App
* To Okta
* Integration

#### Integration settings

1. Open **Provisioning > Integration**.
2. Fill the **SCIM connector base URL:**

   ```
   https://<datasaur-app-base-url>/api/teams/<your-team-id>/scim/v2.
   ```

   Replace `<datasaur-app-base-url>` and `<your-team-id>` accordingly.

   1. For SaaS Datasaur-hosted, you can use `app.datasaur.ai` as the `<datasaur-app-base>`. If you're self-hosted, adjust accordingly based on your domain.
   2. You can find the team ID in the URL. For example, if you are currently on `https://app.datasaur.ai/teams/1/projects`, your team ID is `1`.
3. Set the **Unique identifier field for users** to `email`.
4. Under **Supported provisioning actions**, enable:
   1. Import New Users and Profile Updates
   2. Push New Users
   3. Push Profile Updates
   4. Push Groups
5. For the **Authentication Mode**, select `HTTP Header`.
   * Fill the **Authorization** under **HTTP Header** section with the API key that you [generated before](/integrations/scim.md) from the Datasaur app.
6. Click **Save**.

<figure><img src="/files/M8wYMhJBF53TMOWbpaH5" alt=""><figcaption><p>Provisioning: Integration Settings</p></figcaption></figure>

#### Configure To App settings

1. Open **Provisioning > To App**.
2. Enable the following options:
   1. Create Users
   2. Update User Attributes
   3. Deactivate Users

<figure><img src="/files/e5nQULgp0axotm0dxiJf" alt=""><figcaption></figcaption></figure>

## Provision users to Datasaur

You can provision users in two ways:

* Assign people individually
* Assign groups

### Assign people

You can directly assign users to the Datasaur app. Assigned users are automatically added to the workspace with the default **Labeler** role, since role mapping is not applied to individual assignments.

1. Open your app in Okta.
2. Go to the **Assignments** tab.
3. Click **Assign** > **Assign to People**.
4. Select the users you want to add.
5. Click **Done**.

Users should appear in the workspace within a few minutes.

### Assign groups

You can provision multiple users at once by assigning groups.

Users in assigned groups receive roles based on the group-to-role mapping configured in Datasaur. Every change to the group is automatically updated through push groups.

#### Before you begin

Make sure group-to-role mapping is already configured in Datasaur. Group names in Okta must exactly match the group names configured in the mapping.

If the groups do not exist yet:

1. In Okta, go to **Directory > Groups**.
2. Create the required groups.
3. Use the same group names configured in Datasaur.

#### Assign the groups

1. Open your app in Okta.
2. Go to the **Assignments** tab.
3. Click **Assign > Assign to Groups**.
4. Select the groups you want to add.
5. Click **Done**.
6. Open the **Push Groups** tab and click **Push Groups**.
7. Select a group and click **Save** or **Save & Add Another**.
8. Repeat until all groups are added.

Users from the assigned groups should appear in the workspace within a few minutes with their mapped roles.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.datasaur.ai/integrations/scim/okta.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.