Documentation

Okta SCIM: Provision Opal Users

Suggest Edits

This guide provides the steps required to configure User Provisioning from Okta to Opal.

The following provisioning features are supported:

  • Push new users. New users created through Okta will also be created in Opal.
  • Push profile updates. Updates made to the user's profile through Okta will be pushed to Opal.
  • Push user deactivation. Deactivating the user or disabling the user's access to the application through Okta deactivates the user in Opal. Note: For this app, deactivating a user means removing all of that user's data and removing the user's account.

Configuration steps in Opal

To configure Opal to interact with Okta, you need to generate an Opal API token with admin level privileges.

As an admin, go to Configuration > Settings > API Access Tokens. Select the +API Access Tokens button. Generate a token with the Full-access role:

Save the generated token.

Configuration steps in Okta

  1. In Opal's Okta application, go to the Provisioning tab, then Integration on the left sidebar. Click Enable API integration.

  2. In the API Token field, shown above, enter the API token generated from Opal from the previous step.

  3. In the Base URL field, as shown above, enter the Base URL of your Opal instance. For example, the Base URL field for the https://app.opal.dev Opal instance is https://app.opal.dev/scim/v2. Be sure to append /scim/v2 to the base domain name.

  4. Click Save.

  5. After the integration is successfully enabled, go to To App on the left sidebar. Enable the features you want, as below:

Troubleshooting

We do not support propagation of updates of the username/email of an Okta user to Opal.

Updated about 1 month ago