Skip to main content

Okta SCIM Configuration in Hyperproof

SCIM provisioning is an option with your SSO, and can be leveraged for Okta with Hyperproof.

Danielle Moerman avatar
Written by Danielle Moerman
Updated over 4 months ago

Use the SCIM provisioning option with your SSO directory to bring users into Hyperproof without inviting each user individually.

System for Cross-domain Identity Management (SCIM) is a protocol used for automated provisioning that manages the flow of user identity information between an Identity Provider and a cloud or service app, such as Hyperproof. Hyperproof can add, update, and deactivate users by using SCIM to access and monitor users authenticated by Okta.

The workflow to use SCIM provisioning is as follows:

  1. Configure SCIM in Hyperproof.

  2. Configure SCIM for the Hyperproof app in your SSO platform.

  3. Configure your SSO platform to send users to Hyperproof and synchronize their data. Assign users in Okta to the Hyperproof app. This triggers the user synchronization between Okta and Hyperproof.

  4. Update user information in your SSO platform as needed and synchronize the updates back to Hyperproof.

Configure your SSO platform to send groups to Hyperproof. If you are using Okta, assign groups to the Hyperproof app. This triggers the group synchronization between Okta and Hyperproof. Configuring groups is optional.

Configuring SCIM in Hyperproof

If you plan to use SCIM to provision users in Hyperproof, enable SCIM in your Hyperproof organization under Settings.

SSO must be enabled and configured first. Hyperproof supports SCIM using Okta SSO. Depending on where your organization is hosted, see one of the following for instructions on enabling Okta SSO:

Okta SCIM Configuration

In Okta, you must configure the SCIM connection and provisioning. Keep in mind the following:

  • Changes to users are sent from Okta to Hyperproof. If you change a user's first name, last name, email address, or role in Okta, the change is synchronized to Hyperproof. If you change a user's first name, last name, email address, or role in Hyperproof, the change is synchronized to Okta after an import is performed on the Okta side.

  • If you remove a user from Okta, that user is deactivated in Hyperproof. Be sure to reassign any work assigned to the deactivated user.

  • Hyperproof roles must be assigned to Okta users, or they will receive the default role of Limited access user when provisioned in Hyperproof.

The following features are supported:

  • Import new users and profile updates

  • Push new users

  • Push profile updates

  • Push groups

  • Deactivate users

Check out our article on the help center to learn more:

Provisioning Hyperproof users and groups with SCIM

Related Articles
Settings within Hyperproof
Getting started resources
Managing Audit Issues
Connecting to Hyperproof Snowflake (SSR) using RSA key-pair authentication
Why am I getting an unexpected error indicating invalid request at login?
Did this answer your question?