Integrating Okta via SCIM into Addigy enables you to automatically sync your Okta user directory into Addigy, assign device management to users based on Identity attributes, and maintain synchronized user and group memberships across both platforms.
This integration provides:
- Centralized User Management – Sync your Okta directory users automatically into Addigy
- Device Assignment – Assign devices to users making it simple to identify device inventories
- Single Source of Truth – Keep user data synchronized inside of Addigy with real time events
- Scalability – Automate provisioning as your organization grows
How Okta SCIM Provisioning Works
- Create a custom SCIM application in Okta
- Configure SCIM settings and enter Addigy credentials
- Test the connector to verify connectivity
- Assign Okta users and groups to the SCIM app
- Optionally push Okta groups to Addigy for device targeting
- Okta syncs users/groups to Addigy on a regular cadence
- Verify users and groups appear in Addigy
Before You Begin
- Okta Access: Okta admin account with permission to create applications and manage groups
- Addigy Access: Addigy admin account with SCIM support enabled
- Addigy SCIM Credentials: Have your SCIM Base URL and Bearer Token ready (see Generate Addigy SCIM Credentials below)
- Okta Groups: Decide which Okta groups should be assigned to the SCIM app and which should be pushed to Addigy
Step 1: Generate Your SCIM URL and Token from Addigy
Purpose: Create the SCIM endpoint and authentication credentials needed for Okta to communicate with Addigy.
Instructions:
- Log in to Addigy as an administrator
- Navigate to End Users page on the left hand navigation
- On the End User Page select Setup End User Management
- You will be presented with:
- SCIM URL (e.g.,
https://***.addigy.com/scim/v2) - Bearer Token (a long alphanumeric string)
- SCIM URL (e.g.,
- Copy both values and store them securely – you'll need these for Okta configuration
- Click I've copied URL and Token
- ⚠️ Security Note: Treat the Bearer Token like a password. Do not share it publicly or commit it to version control. If compromised, regenerate immediately from the same settings page.
Step 2: Create a SCIM App Integration in Okta
Purpose: Set up a new custom application in Okta to serve as the SCIM provider.
Create the Application
- Log into your Okta tenant.
- In the left-hand navigation, go to Applications → Applications.
- Click Create App Integration.
- Select SAML 2.0 as the application type and click Next.
- In General Settings, give the app a meaningful name (e.g., "Addigy SCIM Provisioning") and check the box within the App visibility section.
- Click Next.
Configure SAML Settings (Placeholder)
- In SAML Settings, enter a dummy URL in both the Single sign-on URL and Audience URI (SP Entity ID) fields.
- Example: https://addigy.example.com/sso (this does not need to be valid)
- Why: These fields are required to proceed, but we won't use them for SCIM provisioning
- Click Next.
- In the Help Okta Support understand how you configured this application section, select the checkbox for This is an internal app that we have created.
- Click Finish. You will be taken to the application overview page.
Step 3: Configure SCIM Settings in Okta
Purpose: Enable SCIM provisioning and enter Addigy's SCIM credentials.
Enable SCIM Provisioning
- In the Addigy SCIM app, navigate to the General tab.
- In the Settings section, click Edit.
- In the Provisioning dropdown, select SCIM.
- Do not modify any other settings.
- Click Save.
Configure SCIM Integration Details
- Navigate to the Provisioning tab.
- In the Integration section, click Edit.
- Configure the following fields:
| Field | Value | Example |
| SCIM connector base URL | Paste the SCIM Base URL from Addigy (Step 1) | https://api.addigy.com/scim/v2 |
| Unique identifier field for users | userName | userName |
| Supported provisioning actions | Check: Push New Users, Push Profile Updates, Push Groups | All three enabled |
| Authentication Mode | Select HTTP Header | HTTP Header |
| Authorization | Paste the Bearer Token from Addigy (Step 1) | (your token) |
- Click Test Connector Configuration to verify the connection.
- Review the Detected Features list. Confirm that only the following items display a checkmark (✓):
- ✓ Create Users
- ✓ Update User Attributes
- ✓ Push Groups
- If other features are checked, they will be ignored during provisioning.
- Click Save.
Configure Provisioning to App (Addigy)
- While still on the Provisioning tab, go to the To App section and click Edit.
- In the Provisioning to App section, enable the following:
- ✓ Create Users
- ✓ Update User Attributes
- ✓ Deactivate Users
- Click Save.
Configure Attribute Mappings (Optional)
- (Optional) In the Attribute Mappings section, review and edit the user attributes Okta will send to Addigy.
- Addigy will only store and use the attributes specified in your SCIM configuration
- Common attributes: email, displayName, firstName, lastName, department, mobilePhone
- Customize mappings based on your Addigy attribute requirements
- Click Save once complete.
Step 4: Assign Users to Addigy via Okta Groups
Purpose: Specify which Okta users should be provisioned to Addigy.
Create an Okta Group for Addigy Users
The recommended approach is to create a dedicated Okta group (e.g., addigy_users) that contains all users to be provisioned to Addigy.
- In a new browser tab, navigate to Directory → Groups.
- Click Add Group.
- Give the group a meaningful name (e.g., addigy_users) and click Save.
- Search for the group you just created and open it.
- Click Add Members and select the users you want to provision to Addigy.
- You can add individual users or select multiple users at once
- Click Save.
Assign the Group to the SCIM App
- Navigate back to the browser tab where the Addigy SCIM app is open.
- Go to the Assignments tab.
- Click Assign → Assign to Groups.
- Search for the group you created (e.g., addigy_users) and click to select it.
- Click Assign → Save and Go Back.
- Confirm that the group now appears in the Assignments tab's Groups section.
- If the group does not display immediately, refresh the browser tab.
All users in this group will now be provisioned to Addigy. They will appear in the Addigy Users module within 5–10 minutes.
Step 5: (Optional) Push Okta Groups to Addigy
Purpose: Sync Okta groups to Addigy so you can use them for device assignment and targeting in Addigy policies.
Important Considerations
Group Assignment Best Practice:
- Groups used in the Assignments tab (to assign users to the SCIM app) cannot be used in the Push Groups tab
- Okta recommends creating separate groups for assignment vs. pushing
- If the same group is added to both places, the assignment will take precedence and the group may not push
Recommended Setup:
- Create one "assignment" group (e.g., addigy_users) and add it to the Assignments tab
- Use your existing Okta groups (e.g., developers, sales, marketing) in the Push Groups tab
- Ensure members of pushed groups are also members of the assignment group
Push Groups to Addigy
- In the Addigy SCIM app, navigate to the Push Groups tab.
- Click Push Groups → Find groups by name.
- (Alternatively, you can use Find groups by rule if you prefer rule-based selection)
- Search for and select an Okta group you want to push to Addigy (e.g., developers).
- Ensure Create Group is selected as the action.
- Click Save & Add Another.
- Repeat steps 3–5 for each additional group you want to push to Addigy.
- Click Save.
Important: For the user-group association to work, the members of the pushed groups must also be members of the assignment group (e.g., addigy_users). Users must be synced to Addigy before they can be associated with pushed groups.
Pushed groups will now appear in Addigy and can be used for device targeting and policy assignment.