User provisioning with Okta and SCIM

How does user provisioning with Okta and SCIM work?

User provisioning with Okta and System for Cross-domain Identity Management (SCIM) streamlines user management in SafetyCulture, automatically keeping user fields up to date without manual effort.

Okta serves as the identity source, managing user fields such as names, job roles, and departments. SCIM provisioning then ensures these attributes stay in sync with SafetyCulture, creating or updating users fields whenever changes occur in Okta.

Administrators can also map custom user fields like employment type or training status to SafetyCulture, ensuring standardized user data across both systems. Provisioning is fully controlled in Okta, which allows real-time updates and simplification of user management.

This integration helps administrators by:

• Automating onboarding and offboarding.
• Ensuring data consistency.
• Reduces administrative workload.

Requirements

• Okta Admin account
• SafetyCulture Premium Plan or Enterprise Plan
• Web app
• "Platform management: Organization" permission
• API token
• User fields

📘

During setup, administrators will need to switch between SafetyCulture and Okta to enable SCIM provisioning, map attributes, and enable synchronization.

1. Enable user provisioning in Okta

1. Log in to Okta Admin.
2. Search for your application.
3. In the General tab, click Edit.
4. Select SCIM from the options.
5. Click the Provisioning tab.
6. Select Integration from the menu on the left-hand side.
7. Click Edit.
8. Enter the following details:

• SCIM connector base URL: Enter the SCIM endpoint, which allows Okta to communicate with SafetyCulture for user provisioning. For example, https://api.safetyculture.com/accounts/scim/v2.
• Authorization: Generate an API token via the SafetyCulture web app, and enter the token in this field.

9. Select supported provisioning actions you want to use.
10. Click Test Connector Configuration. If the configuration is successful, close the pop-up window.
11. Click Save.

2. Map custom user fields

📘

Before mapping custom fields, create your user fields in SafetyCulture. Otherwise, these will not be synced. SCIM can only populate fields that already exists. You can map any of the supported data types (text, date, user, and multiple choice).

1. In the SafetyCulture web app, copy the user field ID.
2. In Okta, click the Provisioning tab.
3. Click To App from the menu on the left-hand side.
4. Under Attribute Mappings, click Go to Profile Editor.
5. Click Add Attribute.
6. Add the following details to define the SafetyCulture user field in Okta.

• Data type: Select String.
• Display name
• Variable name
• External name: Enter the SafetyCulture user field ID as the external name.
• External namespace: Enter the SafetyCulture user field ID as the external namespace. The format must be urn:ietf:params:scim:schemas:extension:safetyculture_attributes:2.0:User:{custom field id}.

7. Add more attributes as needed.
8. Click Mappings.
9. Select Configure User mappings.
10. Click the Okta User to Profile Mappings tab.
11. Enter the format for the new string fields.

• For date fields, use the RFC3339 format. For example, 1996-12-19T16:39:57-08:00 or 1985-04-12T23:20:50.52Z.
• For multiple choice fields, the value must be the string value of any of the predefined options.

12. Click Save Mappings.
13. Click Apply updates now.

3. Test user provisioning

1. In Okta, click Applications from the menu on the left-hand side.
2. Click Applications.
3. Search for your application.
4. Click the Assignments tab to assign users to your application.
5. Search for a user.
6. Click Assign.
7. Verify the new user fields.
8. Click Save and Go Back.
9. In the SafetyCulture web app, click your organization name on the lower-left corner of the page.
10. Click Users.
11. Select the user you assigned to your application.
12. Verify the new user fields.

🪄

To learn more about user provisioning with Okta and SCIM, refer to their guide for details.

Related article

📌 What are user fields?