---
title: "Okta SAML and SCIM"
slug: "okta-saml-and-scim"
updated: 2025-10-23T10:05:40Z
published: 2025-10-23T10:05:40Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.unleash.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta SAML and SCIM

## SSO Configuration with Okta

Before getting started in Okta, complete the following steps in Unleash to ensure you have access to the information you need:

- Navigate to the **Control Center** in Unleash and click on the **Sign-In**page.
- Under SSO, click **Configure**.
- Select **SAML** as the authentication method.
- Choose **Okta** as your identity provider.

> [!NOTE]
> After SAML is configured, users will no longer be able to sign in using your existing SSO Identity Provider (such as “Sign in with Google”). All authentication will be routed exclusively through Okta, and alternate SSO methods will be disabled.

Once you've completed these steps, open your Okta account and follow the instructions below.

## Step 1: Creating an App

- Go to the **Applications** section of your Okta admin console and click **Create App Integration**.
- Select **SAML 2.0** and click **Next**.

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720514881835.png)

## Step 2: General Settings

- Name your app, **Unleash IT**, and upload the provided logo below.

[](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/unleash_icon_purple_png.png)unleash_icon_purple_png4.12 KB[**](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/unleash_icon_purple_png.png)
- Mark your app as **Do not display application icon to users** and **Do not display application icon in Okta Mobile App***.*

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720515323225.png)

## Step 3: SAML Settings

- Copy the **Single Sign-On URL** from the Okta SAML configuration page in Unleash and paste it into the **Single Sign-On URL** field on the Okta setup page.
- Fill in the **Audience URI** to be unleash-tech .
- Fill in the **Default RelayState** to be initiator=Idp&returnUrl=https://app.unleash.so/signin .

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720515340901.png)

- Under **Attribute Statements**, fill in the following attributes mapping:
  - Please note that the user.id may not be in the dropdown but you can fill it manually.

| firstName | user.firstName |
| --- | --- |
| lastName | user.lastName |
| email | user.email |
| userId | user.id |

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1722160636638.png)

## Step 4: Finish

- On the last page of the app creation wizard, mark your app as an****internal app.**

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720515375070.png)

- After the app is created, copy the **Identity Provider Metadata** URL and paste it into the corresponding field in the **Okta SAML configuration** page in Unleash.

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720515386707.png)

## SCIM Configuration with Okta

1. Set up a SAML app in Okta.
2. Under the General tab, click on **Enable SCIM provisioning**.

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-2.png)

1. Under the **Provisioning** tab, navigate to **Settings** -> **Integration**and fill in the following fields:
  - **SCIM connector base URL**
    - Enter the following URL: **https://okta-scim.unleash.so******
  - **Supported provisioning actions**

Please select the following checkboxes:
    - Push new users
    - Push Profile Updates
    - Push Groups
  - **Authentication Mode**

Enter the following field: **HTTP Header**
  - **Configure Authorization**

*#Enter the token generated by your Unleash representative*

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720515644762.png)

1. Under the **Provisioning** tab, navigate to **Settings** -> **To App** and edit and enable the following options:

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-1720515624959.png)

1. Under the **Assignments** tab, assign groups for provisioning.

![](https://cdn.document360.io/9c439416-8f37-43ae-8ba7-d5c31de26a65/Images/Documentation/image-4.png)

1. Under **Push Groups**, click on the **Push Groups** button. Then, add the group by either name or rule to initiate push provisioning.

If you require further assistance, feel free to contact your Unleash point of contact or email us at [support@unleash.so](mailto:support@unleash.so).