Okta SCIM Integration Guide

This guide will help you set up automatic user provisioning from Okta to our application using SCIM.

Provisioning Features

User Lifecycle Management

  • Create - Automatically provision new users when assigned in Okta
  • Update - Sync profile changes (name, email, attributes) in real-time
  • Deactivate - Automatically deactivate users when unassigned
  • Reactivate - Re-enable users when reassigned

Group Provisioning

  • Push Groups - Create and sync Okta groups to application
  • Group Membership - Automatically manage user membership
  • Group Updates - Sync group name and description changes

Import Features

Note: Import features (Import New Users, Import Profile Updates) are not supported. User provisioning is unidirectional from Okta to Dokio only.

Prerequisites

  • Admin access to your Okta account
  • Dokio hub admin account
  • Your hub subdomain (e.g., example    if your app URL is example.dokio.co   )

Setup Instructions

1. Add the Application in Okta

  1. Log in to your Okta Admin Console
  2. Navigate to Applications > Applications in the left sidebar
  3. Click Browse App Catalog
  4. Search for Dokio
  5. Click Add Integration
  6. Click Done to add the application to your Okta instance

2. Configure Your Subdomain

  1. From your Applications list, click on the newly added application
  2. Navigate to the General tab
  3. In the App Settings section, click Edit
  4. Enter your Subdomain (e.g., example   if your app URL is example.dokio.co  )
  5. Click Save

3. Enable Provisioning

  1. Navigate to the Provisioning tab
  2. Click Integration
  3. Check the box Enable API integration
  4. Click Authenticate with Dokio
  5. This will open a window where you will need to Login to Dokio (Requires developer account) and Authorise
  6. Click Save

4. Configure Provisioning Settings

  1. Under the Provisioning tab, select To App from the left menu
  2. Click Edit in the provisioning settings
  3. Enable the following options based on your needs:
    • Create Users - Automatically create new users in the application
    • Update User Attributes - Update user information when changed in Okta
    • Deactivate Users - Deactivate users in the application when deactivated in Okta
  4. Click Save

5. Create Custom Attributes

Before configuring attribute mappings, you need to create the custom attributes required by Dokio. For detailed instructions on adding custom attributes to your Okta application, see Configure custom attributes for an app integration in Okta's documentation.

You will need to create the following custom attributes:

Attribute Name Type Required
accessLevel String Yes

6. Configure Attribute Mappings

For detailed instructions on mapping attributes, see Map attributes in Okta's documentation.

  1. Still under Provisioning > To App, scroll down to find Attribute Mappings
  2. Click on the attribute mappings section to review and configure
Okta Attribute Required
username Yes
email Yes
givenName Yes
familyName Yes
displayName Yes
accessLevel Yes
timezone No

Standard Attributes

The following standard attributes are mapped automatically:

  • Username - Mapped from email (required)
  • Email (required)
  • Given Name (required)
  • Family Name (required)
  • Display Name (required)
  • Timezone (Optional)
    • Set the user's timezone preference
    • Use standard timezone format (e.g., "Australia/Melbourne", "Europe/London")

Custom Attributes

Access Level (Required)

  • This attribute determines the user's permission level in our application
  • Map this to the exact Access Level name as it appears in Dokio (e.g., "Admin", "Manager", "User")
  1. Click Save after configuring your attribute mappings

7. Assign Users

  1. Navigate to the Assignments tab
  2. Click Assign and choose either:
    • Assign to People - Assign individual users
    • Assign to Groups - Assign entire groups
  3. Select the users or groups you want to provision
  4. For each assignment, ensure the Access Level field is populated with a valid access level name from your application
  5. Optionally set the Timezone if desired
  6. Click Save and Go Back for each assignment
  7. Click Done when finished

8. Verify Provisioning

  1. After assigning users, navigate to Provisioning > To App
  2. You should see provisioning tasks being processed
  3. Check your application to verify that users have been created with the correct access levels

Group Push Configuration

Group Push allows you to synchronize Okta groups and their memberships to Dokio. This section explains how to configure and use Group Push effectively.

How Group Push Works

When you push a group from Okta to Dokio:

  1. A corresponding group is created in Dokio with the same name
  2. Group membership is automatically synchronized
  3. Changes to the group (name, description, membership) are pushed to Dokio in real-time

Important Requirements

Critical: For a user to appear in a pushed group in Dokio, both of the following conditions must be met:

  1. The user must be assigned to the Dokio application in Okta (either directly or via group assignment)
  2. The user must be a member of the group being pushed

Users who are members of a pushed group but are not assigned to the Dokio application will not appear in the group within Dokio.

Setting Up Group Push

  1. Navigate to the Push Groups tab in your Dokio application in Okta
  2. Click Push Groups and select one of the following options:
    • Find groups by name - Search for a specific group
    • Find groups by rule - Create rules to automatically push groups matching certain criteria
  3. Select the group(s) you want to push
  4. Click Save

Common Group Push Issues

  • Members not appearing in Dokio group
    • Verify that the user is assigned to the Dokio application in Okta
    • Confirm the user is a member of the group in Okta
    • Check that user provisioning completed successfully before the group push
  • Group not syncing
    • Ensure API integration is enabled under Provisioning > Integration
    • Verify your subdomain is configured correctly
    • Check the Push Groups tab for error status
  • Duplicate groups created
    • This can occur if you push a group that already exists in Dokio
    • Use the "Link to existing group" option instead of creating a new group
  • Group membership out of sync
    • Unlink and re-push the group to force a full sync
    • Verify all group members are assigned to the Dokio application

Troubleshooting

Users not provisioning:

  • Verify your subdomain is entered correctly
  • Ensure API integration is enabled
  • Check that users are assigned to the application in Okta

Access Level errors:

  • Confirm the Access Level value matches exactly with an Access Level name in Dokio (case-sensitive)
  • This is a required field and must be populated for each user

Attribute mapping issues:

  • Review attribute mappings under Provisioning > To App
  • Ensure custom attributes are mapped correctly

Support

If you encounter any issues during setup, please contact our support team by clicking Contact at the top of the document or emailing us at support@dokio.com with:

  • Your subdomain
  • Screenshots of any error messages
  • Description of the issue you're experiencing
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us