# Okta

This guide assumes that you have already enabled SCIM on the Datasaur app and wish to use Okta as the Identity Provider for both SAML and SCIM integration.

## Integrating SCIM 2.0 on Okta

### Enabling SCIM Provisioning

Let's begin by enabling SCIM provisioning on your existing app, which has already been successfully integrated with SAML.

1. Open your existing app and navigate to Settings. The default tab should be **General**.
2. Check the **Enable SCIM provisioning** option.
3. **Save** the changes.

<figure><img src="https://448889121-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MbjY0HseEqu7LtYAt4d%2Fuploads%2Fgit-blob-006d00a4be3dc5c49ef46c5b3245af44f53b367b%2FSCIM%20-%20Okta%20-%20app%20settings.png?alt=media" alt=""><figcaption><p>Enable SCIM Provisioning</p></figcaption></figure>

### Configuring the Settings

After successfully enabling the SCIM provisioning above, navigate to the **Provisioning** tab. There will be multiple settings section on the sidebar which consist of: **To App**, **To Okta**, and **Integration**.

#### Settings: Integration

1. Fill the **SCIM Connector Base URL:** https\://\<datasaur-app-base-url>/api/teams/\<your-team-id>/scim/v2.
   1. Replace **\<datasaur-app-base-url>** and **\<your-team-id>** accordingly.
   2. For SaaS Datasaur-hosted, you can use **app.datasaur.ai** as the \<datasaur-app-base>. If you're self-hosted, adjust accordingly based on your domain.
   3. To get the team ID, it can easily be fetched from your URL. For example, if you are currently on <https://app.datasaur.ai/teams/1/projects>, your team ID is 1.
2. Fill the **Unique Identifier Field for Users**: email.
3. For the **Supported Provisioning Actions**, check the following options:
   1. Import New Users and Profile Updates
   2. Push New Users
   3. Push Profile Updates
   4. Push Groups
4. For the **Authentication Mode**, select HTTP Header.
   * Fill the **Authorization** under HTTP Header section with the API key that you [generated before](https://docs.datasaur.ai/integrations/scim) from the Datasaur app.
5. Click on the **Save** button.

<figure><img src="https://448889121-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MbjY0HseEqu7LtYAt4d%2Fuploads%2Fgit-blob-8aa19e538411df31a0de3eef6b8363d21641177c%2FSCIM%20-%20Okta%20-%20SCIM%20connection.png?alt=media" alt=""><figcaption><p>Provisioning: Integration Settings</p></figcaption></figure>

#### Settings: To App

Navigate to another setting called **To App** on the left, then enable the following options:

1. Create Users
2. Update User Attributes
3. Deactivate Users

<figure><img src="https://448889121-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MbjY0HseEqu7LtYAt4d%2Fuploads%2Fgit-blob-761ca57fccab08a1577c18011df1f15bd99ed401%2FSCIM%20-%20Okta%20-%20Provisioning%20to%20app.png?alt=media" alt=""><figcaption></figcaption></figure>

## Provisioning Users to Datasaur

There are two ways to provision users to Datasaur: **assigning people** or **assigning groups**.

### Assigning People

You can directly assign a person to the Datasaur app. They will automatically be added to the Workspace, with the default role of labeler since no role mapping is configured for individuals.

1. Go to your app on Okta.
2. Navigate to the **Assignments** tab.
3. Click **Assign** > **Assign to People**. Continue selecting the desired users to be added to your Workspace. Then, click **Done** to finish the assignment.
4. Wait for a few mins and the users should be added to the Workspace as Labeler.

### Assigning Groups

You can assign multiple people at once that are under a group. All users in a group will be added and assigned by the role mapping that is defined on the Datasaur app. Every change to the group will automatically be synchronized due to the Push Groups functionality.

1. Ensure the role mapping is properly configured on the Datasaur app.
2. If you don't configure the Groups just yet, navigate to the **Groups** under Directory on the sidebar of your Okta dashboard. Create all the groups that you needed and make sure you name each group the same as the name defined in the role mapping.
3. Go to your app on Okta.
4. Navigate to the **Assignments** tab.
5. Click **Assign** > **Assign to Groups**. Select the desired groups to be added to your Workspace. Then, click **Done** to finish the assignment.
6. Navigate to the **Push Groups** tab.
7. Click the **Push Groups** button, find a group, and then click **Save** or **Save & Add Another**. Reiterate this process until all the groups from step 5 are added.
8. Wait for a few mins and the users from all the groups should have been added to the Workspace with the appropriate role.