Okta SCIM User & Group Sync Configuration
For an overview of the Okta configuration process, see this article.
Supported Features
If you would like to sync users and groups from Okta to Twingate, you need to set up SCIM. To do this, you must first set up the Twingate application from Okta’s Integration Catalog.
The following SCIM provisioning features are supported
- Create users in Twingate from Okta
- Update user attributes in Twingate from Okta
- Deactivate users in Twingate that have been deactivated in Okta or removed from the Okta Twingate app
- Group push from Okta to Twingate
Requirements
Okta SCIM-based provisioning is supported for Twingate customers on the Business and Enterprise tiers.
Configuration Steps
1. In your existing Twingate app under the Provisioning tab, click Configure API Integration

2. Copy the SCIM Token from the Admin Console
Note that you don’t need to specify the SCIM endpoint in the Twingate Okta app as this was configured when you first installed the application.

3. Enable API Integration and paste in the SCIM Token from Twingate
“Test API Credentials” will succeed if the token is entered correctly.

4. Under the Provisioning tab, enable all 3 options shown below, then click Save
Do not change SCIM Attribute Mappings.
Users who were previously assigned to the Okta Twingate app will immediately be synced to Twingate.
Provision groups and group memberships
1. Under the Push Groups tab, click Push Groups button, then select Find groups by name

2. Search for the group name, select it and then click Save

Suggestion
Only users that have already been assigned to the app, and thus provisioned to Twingate, will be added to the group membership correctly. To guarantee that all users from the group will sync correctly, you should assign the group to the app.

Last updated 3 minutes ago