Okta SCIM integration

Automatically provision and manage accounts using Okta's SCIM integration with Slab


Slab supports SCIM via Okta, so you do not have to manually create or provision user accounts for every new hire, and your entire team gets easy access to Slab.

✏️ Note: Before using SCIM, you must set up the SAML 2.0 integration with Okta.


Supported features

The following SCIM features are supported:

  • Create users: Users in Okta that are assigned to the Slab application in Okta are automatically added as members to your organization in Slab.

  • Update users: Updating user attributes in Okta pushes those changes to Slab.

  • Deactivate users: Deactivating or deleting users in Okta will automatically deactivate those users in Slab as well.

  • Group Push: Assigning groups in Okta will push the groups to Slab and also sync all members.

Features currently restricted or not supported yet are:

  • Syncing Passwords: Slab does not support automatically updating user passwords in Slab when they are updated in Okta. As a workaround, you can require SSO for all users in SSO settings, so that user passwords are not a concern at all.


Requirements

  • You must have an Okta account and be on the Business or Enterprise plan for Slab.

  • You must already have SAML 2.0 integration configured.


Configuration steps

1. Set up the SAML 2.0 integration if you haven't already.

2. Open your Okta Integration settings and, under the Provisioning tab, enable SCIM and copy your SCIM API Token.

3. Open the Slab app in your Okta Admin dashboard.

4. Select the Provisioning tab and click the Configure API Integration button.

(If you do not see the Provisioning section or if it's disabled, you might be on an older version of our Okta integration. See the Troubleshooting section below for more details.)

5. Select the Enable API Integration checkbox, and enter the API token you copied from your Slab team in step 2.

6. Click on the Test API Credentials button to make sure that the API token works correctly for your Slab team, before finally hitting Save.

7. The page will refresh and you'll now find the Provisioning section with more settings.

8. In the To App settings, click the Edit button and enable:

  • Create Users

  • Update User Attributes

  • Deactivate Users

9. Click Save to enable SCIM for your Slab team.

10. Unassign and reassign existing users or groups on the Slab app. This is optional but recommended: otherwise, existing users will not be updated or deactivated in Slab when you update or deactivate them in Okta. See the Troubleshooting section below for more details.

11. When assigning groups or users, choose the appropriate User Type to be mapped in Slab (i.e. whether the users should be a standard user, admin or guest in Slab).

✏️ Note: Now that you've set up SCIM, you can start using Push Groups!


Known Issues & Troubleshooting

Okta as the Source of Truth

The SCIM integration uses Okta as the source of truth for all users and groups synced via Okta. This means that any changes made in Slab to users or groups created through Okta SCIM will be overridden when they're updated in Okta.

Examples of this are:

  1. Changes to a user's name or title in Slab will be reverted back to the original on a resync from Okta, or overridden by a new value set in Okta.

  2. An existing group in Slab will have its members overridden when a new group of the same name is pushed from Okta.

Changing Usernames

The SCIM integration uses Okta usernames to manage and sync users and thus does not support username changes. Changing usernames on Okta can break the behavior for that user. You can reach out to us for more information on how our Okta integration works.

Provisioning Tab / Other Features Missing

If you don't see the "Provisioning" tab in the Slab integration in Okta, or if other SCIM features are missing, there's a good chance you're on an older version of the integration. Follow the Migration Guide here to get the features.

Updating/Deactivating users in Okta is not reflected in Slab

Users or groups assigned to the Slab app before SCIM is enabled will not have SCIM working for them. That means if you update or deactivate such a user in Okta, they will not be updated or deactivated in Slab. This is a limitation on Okta's end.

If you had only a few users/groups assigned to the app before enabling SCIM, the simplest workaround is to unassign and reassign them. If not, you can get in touch with Okta support and ask them to do it for you.
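A reconciliation check for the gap described above, as an added example that is not Slab's or Okta's code: it compares Okta user and app-assignment lists against Slab's member list and reports accounts that are still active in Slab. The record layouts, field names and sample data are constructed assumptions, as is matching Slab member emails to Okta usernames.

```python
# Added example: record layouts are hypothetical, not a real Okta or Slab export.
OKTA_INACTIVE = {"SUSPENDED", "DEPROVISIONED"}  # Okta statuses treated as "no access"

def norm(username):
    """Compare usernames case-insensitively, ignoring surrounding whitespace."""
    return username.strip().lower()

def find_deprovisioning_gaps(okta_users, okta_assigned, slab_members):
    """Return sorted (username, reason) for Slab accounts that should not be active.

    okta_users:    list of {"login": str, "status": str}
    okta_assigned: logins currently assigned to the Slab app in Okta
    slab_members:  list of {"email": str, "active": bool}
    """
    status = {norm(u["login"]): u["status"] for u in okta_users}
    assigned = {norm(login) for login in okta_assigned}
    gaps = []
    for member in slab_members:
        if not member["active"]:
            continue  # already deactivated in Slab, nothing to fix
        name = norm(member["email"])
        if name not in status:
            reason = "no matching Okta username (renamed or created outside Okta)"
        elif status[name] in OKTA_INACTIVE:
            reason = "Okta status is " + status[name]
        elif name not in assigned:
            reason = "not assigned to the Slab app in Okta"
        else:
            continue
        gaps.append((name, reason))
    return sorted(gaps)

# Constructed sample data
OKTA_USERS = [
    {"login": "ana@example.com", "status": "ACTIVE"},
    {"login": "Ben@example.com", "status": "DEPROVISIONED"},
    {"login": "cy@example.com", "status": "ACTIVE"},
    {"login": "dee.new@example.com", "status": "ACTIVE"},
]
OKTA_ASSIGNED = ["ana@example.com", "dee.new@example.com"]
SLAB_MEMBERS = [
    {"email": "ana@example.com", "active": True},
    {"email": "ben@example.com", "active": True},      # deactivated in Okta only
    {"email": "cy@example.com", "active": True},       # unassigned in Okta only
    {"email": "dee.old@example.com", "active": True},  # username changed in Okta
    {"email": "eli@example.com", "active": False},
]

if __name__ == "__main__":
    for name, reason in find_deprovisioning_gaps(OKTA_USERS, OKTA_ASSIGNED, SLAB_MEMBERS):
        print(f"{name}: {reason}")
```

Accounts it reports are candidates for the unassign-and-reassign workaround or for manual deactivation in Slab.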

Other Issues

Having issues setting up the integration? Contact us for help.
