
Okta SCIM Attribute Instructions

Written by Shannon DeLange
Updated this week

If you’re using SCIM to manage both users and Teams, we recommend using Assignments to automate role assignment and Push Groups to sync Team membership.

Map User Roles with Custom Attributes in Okta

  • Follow the Directory Sync setup instructions until Step 3: Set up Attribute Mapping. This is where we will map an Okta attribute to the Vanta rbac_role_id attribute. In this example, we will use a custom attribute named vanta_role.

  • First, let’s set up the role attribute in Okta.

  • In your Okta account, go to Directory, followed by Profile Editor, and find your app.

  • Click + Add attribute

  • In the modal that opens, fill in the attribute properties.

  • Set the Variable name and External name to the name you’ve chosen for your custom attribute

  • The External namespace must be

    urn:ietf:params:scim:schemas:core:2.0:User
  • Select Define enumerated list of values and fill in the attribute members with each Vanta role you want to enable through SCIM.

  • If you leave the type of attribute as Personal, then when you assign a user to the application, you will be able to select their role.

  • If you prefer, you may instead make it a Group attribute and create a group for each role. When you assign each group to the application, set the attribute to the role you wish to assign to that group.
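
The check below is an added example, not part of Vanta's or Okta's documentation or tooling. It inspects a SCIM User payload to confirm that the custom vanta_role attribute sits in the core User namespace and carries a value from your enumerated list. It assumes the payload follows the RFC 7643 layout; the role values, the extension URN and the sample payloads are constructed placeholders.

```python
# Added example: checks where a custom role attribute lands in a SCIM User payload.
# Assumes RFC 7643 layout: core-schema attributes sit at the top level of the
# resource; extension attributes are nested under a key equal to the schema URN.
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ROLE_ATTR = "vanta_role"  # custom attribute name used in this article

# Constructed placeholder values; use the members of your own enumerated list.
ALLOWED_ROLES = {"EXAMPLE_ADMIN_ROLE", "EXAMPLE_MEMBER_ROLE"}


def check_role_attribute(user, attr=ROLE_ATTR, allowed=ALLOWED_ROLES):
    """Return a list of findings for one SCIM User resource (empty = OK)."""
    findings = []
    if CORE_USER not in user.get("schemas", []):
        findings.append("core User schema missing from 'schemas'")
    # A top-level key that is a URN holding a dict is an extension namespace.
    nested = [ns for ns, body in user.items()
              if ns.startswith("urn:") and isinstance(body, dict) and attr in body]
    if attr in user:
        value = user[attr]
        if not isinstance(value, str) or value not in allowed:
            findings.append(f"{attr}={value!r} is not in the enumerated list")
    elif nested:
        findings.append(f"{attr} is under extension namespace {nested[0]}, "
                        f"not {CORE_USER}")
    else:
        findings.append(f"{attr} is absent from the payload")
    return findings


# Constructed sample payloads (not captured traffic).
EXT = "urn:example:params:scim:schemas:extension:custom:2.0:User"
GOOD = {"schemas": [CORE_USER], "userName": "a@example.com",
        "vanta_role": "EXAMPLE_MEMBER_ROLE"}
WRONG_NAMESPACE = {"schemas": [CORE_USER, EXT], "userName": "b@example.com",
                   EXT: {"vanta_role": "EXAMPLE_ADMIN_ROLE"}}
UNKNOWN_VALUE = {"schemas": [CORE_USER], "userName": "c@example.com",
                 "vanta_role": "EXAMPLE_OWNER_ROLE"}

if __name__ == "__main__":
    for name, payload in [("good", GOOD), ("wrong namespace", WRONG_NAMESPACE),
                          ("unknown value", UNKNOWN_VALUE)]:
        print(name, "->", check_role_attribute(payload) or "OK")
```
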

Provision Vanta Teams Using Push Groups in Okta

You can automatically provision users into the correct Vanta Teams using SCIM and Push Groups from Okta. This helps keep your team structure in sync with your identity provider and ensures each user gets the right access levels based on their assigned group.

To get started, make sure:

  • Okta is connected as your Identity Provider (IDP)

  • SCIM provisioning is enabled in your Login & Security settings

You can follow the Connect Vanta & Okta guide if you haven’t done that yet.

Navigate to your SCIM App in Okta

  • From the Okta Admin Console, go to Applications

  • Click Browse Catalogue and select the SCIM 2.0 Test App (OAuth Bearer Token) or your existing SCIM app connected to Vanta.

  • Click Add Integration

  • Complete the setup steps, then click Done

Configure SCIM API Integration in Okta

  • In Okta, open your Vanta application

  • Go to the Provisioning tab

  • Click Configure API Integration

  • Check Enable API Integration

  • In Vanta’s Admin Portal, copy the SCIM API Endpoint and Bearer Token

  • Paste these into Okta

  • Click Test API Credentials to confirm the connection

  • Click Save


Assign Users to Teams with Push Groups

To map Okta groups to Vanta Teams, you’ll use Push Groups. This ensures that each group in Okta creates or syncs to a matching team in Vanta.

  • In Okta, navigate to Groups and create team-specific groups that reflect your Vanta team structure (e.g., “Security Team” or “Engineering”)

  • Add users to the appropriate groups in Okta

  • Go back to your SCIM app in Okta

  • Under Push Groups, select Push Groups to SCIM App

  • Choose each group you want to sync and push them

  • Once synced, Vanta will automatically create matching teams and assign users accordingly