Setting up Okta SCIM

Features

Writer supports the following provisioning features:

  • User and Group Push: Okta Groups are automatically pushed to Writer Teams, and users are pushed as team members in your Writer organization.
  • User and Group Import: Writer users are imported into Okta and matched against existing users, or created as new ones. Writer Teams are imported as Okta Groups.
  • Update user attributes
  • Deactivate/reactivate users

Presently, Writer does not support the following Okta provisioning features, but may in the future:

  • Sync password

Requirements

  • Set up SAML SSO between Writer and Okta
  • SCIM included in your Writer Enterprise subscription (ask your CSM, or check your service agreement to confirm)

Setup instructions

1. Locate SCIM setup details in Writer

To get started, visit the Admin Panel > Single sign-on page and find the SCIM section.

From here, you can select the default team that new users are assigned to. This is also where you'll find the setup details you need for Okta, including your unique bearer token:

Unique identifier: email
Endpoint: https://app.writer.com/api/scim/v2
Bearer token: unique to your Writer organization

2. Configure SCIM in Okta

Go to the Writer application > General tab in Okta and enable SCIM provisioning:

Go to Provisioning > Integration and configure SCIM using your details from step 1. Writer's custom application uses SAML 2.0 authentication:

Note: The Push Groups provisioning action is only required when a) you have multiple teams set up in Writer, and b) you want to assign unique Okta groups to different Writer teams.

3. Configure role attribute in Okta

You can add a custom attribute to assign team member and team admin roles to Writer team members. To get started, visit Provisioning > Go to Profile Editor:

Select Add Attribute to set up the Writer Role attribute and match the field values to those in the screenshot below. Our external namespace is urn:custom:params:scim:schemas:extension:writer:2.0:User:

You can now use this attribute to assign Writer roles to Okta users and groups 🥳:

4. Push users and groups to Writer

It's time to link your Okta group to your app group (a Writer team). Go to Push Groups and select the ⚙️ icon:

Disable the checkbox for renaming app groups:

Select Refresh App Groups > Find groups by name to link your Okta Group and Writer Team:

Note: Linking Okta Groups and Writer Teams requires your Okta group name and Writer team name to be identical. Once the initial link is complete, you can change the name of the Okta group, if desired.

One last step! Go to Assignments and assign the group to the Writer application. You can also Assign to People instead, if you're provisioning individual users.
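The linking note in step 4 requires the Okta group name and the Writer team name to be identical. The following pre-flight check is an added example, not code from Writer or Okta: it compares two name lists you have exported yourself and flags groups that differ from a team only by case, spacing or Unicode form. The function name `plan_links`, the sample names, and the reading of "identical" as exact string equality are assumptions.

```python
import unicodedata

def _fold(name: str) -> str:
    """Normalise a name for near-miss detection only (never for linking)."""
    collapsed = " ".join(unicodedata.normalize("NFKC", name).split())
    return collapsed.casefold()

def plan_links(okta_groups, writer_teams):
    """Classify each Okta group as linkable, near-miss, or unmatched.

    Assumption: "identical" means exact string equality, so only an exact
    match counts as linkable. Near-misses differ by case, spacing or
    Unicode form and need a rename before the group can be linked.
    """
    teams = set(writer_teams)
    folded = {}
    for team in writer_teams:
        folded.setdefault(_fold(team), []).append(team)

    plan = {"linkable": [], "near_miss": [], "unmatched": []}
    for group in okta_groups:
        if group in teams:
            plan["linkable"].append(group)
        elif _fold(group) in folded:
            plan["near_miss"].append((group, folded[_fold(group)]))
        else:
            plan["unmatched"].append(group)
    return plan

# Constructed sample names, not taken from any real tenant.
OKTA_GROUPS = ["Marketing", "engineering", "Customer  Success", "Legal"]
WRITER_TEAMS = ["Marketing", "Engineering", "Customer Success", "Finance"]

if __name__ == "__main__":
    result = plan_links(OKTA_GROUPS, WRITER_TEAMS)
    for group in result["linkable"]:
        print(f"OK        {group!r}")
    for group, candidates in result["near_miss"]:
        print(f"RENAME    {group!r} -> one of {candidates!r}")
    for group in result["unmatched"]:
        print(f"NO TEAM   {group!r}")
```

Groups reported as RENAME or NO TEAM will not link until the names match; the FAQ below notes that Writer Teams cannot be created from Okta.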

FAQ

General

Q: Can we provision our entire organization?

Yes and no. Okta doesn’t allow you to select everyone for a group push. However, if all of your users are assigned to groups, you can push all of these groups to Writer, which will provision everyone.

Q: Can we manage imported group memberships in Okta?

No.

Q: Can we create or delete Writer Teams in Okta?

No.

Q: Is Writer in Okta's app catalog?

Yes. However, our guidance is to set up the integration as a custom application using SAML 2.0 instead.

Troubleshooting

If you have questions around our Okta SCIM integration, please contact support@writer.com.
