Okta SCIM provisioning is a paid feature.

If you’re using Infisical Cloud, then it is available under the Enterprise Tier. If you’re self-hosting Infisical, then you should contact sales@infisical.com to purchase an enterprise license to use it.

Prerequisites:

1

Create a SCIM token in Infisical

In Infisical, head to your Organization Settings > Authentication > SCIM Configuration and press the Enable SCIM provisioning toggle to allow Okta to provision/deprovision users and user groups for your organization.

Next, press Manage SCIM Tokens and then Create to generate a SCIM token for Okta.

Next, copy the SCIM URL and New SCIM Token to use when configuring SCIM in Okta.

2

Configure SCIM in Okta

In Okta, head to your Application > General > App Settings. Next, select Edit and check the box labled Enable SCIM provisioning.

Next, head to Provisioning > Integration and set the following SCIM connection fields:

  • SCIM connector base URL: Input the SCIM URL from Step 1.
  • Unique identifier field for users: Input email.
  • Supported provisioning actions: Select Push New Users, Push Profile Updates, and Push Groups.
  • Authentication Mode: HTTP Header.

Under HTTP Header > Authorization: Bearer, input the New SCIM Token from Step 1.

Next, press Test Connector Configuration to check that SCIM is configured properly.

Next, head to Provisioning > To App and check the boxes labeled Enable for Create Users, Update User Attributes, and Deactivate Users.

Now Okta can provision/deprovision users and user groups to/from your organization in Infisical.

FAQ