SCIM Integration - Okta

Integrating Row Zero with SCIM ensures that user management stays simple, secure, and consistent. With SCIM, you can automatically provision and de-provision users directly from your identity provider, keeping access in sync without manual updates. This reduces administrative overhead, minimizes the risk of outdated permissions, and gives your team a smoother, more secure onboarding and offboarding experience.

This guide walks you through configuring Row Zero with Okta using SCIM (System for Cross-domain Identity Management). Once set up, any users or groups assigned to the application in Okta will automatically be provisioned into Row Zero.

NOTE: Before configuring SCIM, determine the SSO solution you plan on using.

Step 1: Create the SAML Application with Provisioning

  1. In the Okta "Admin Console", navigate to "Applications --> Applications" scim okta applications
  2. Click on the "Create App Integration" button: scim okta app integration
  3. Select "SAML 2.0" and click the "Next" button: scim okta app integration saml
  4. In the "Create SAML Integration" page, provide the following:
    • For the "App name" type "Row Zero"
    • Find Upload new logo. You can click this link to download the Row Zero logo, and then upload for "App logo"
    • Leave the "Do not display application icon to users" unchecked
    • Click the "Next" button scim okta saml settings
  5. For the "SAML Settings" - "General" page, provide the following:
    • Leave the "Use this for Recipient URL and Destination URL" checked
    • For "Single sign-on URL" type "https://rowzero.com"
    • For "Audience URI (SP Entity ID)" type "N/A"
    • Click the "Next" button scim okta create saml integration
  6. Click the "Finish" button: scim okta create saml integration

Step 2: Configure the SCIM Connection

  1. In the "Row Zero" application, on the "General" tab, click the "Edit" button:
    • For "Provisioning" select "Enable SCIM provisioning"
    • Click the "Save" button scim okta saml settings
  2. In the "Row Zero" application, on the "Provisioning" tab, click the "Edit" button:
    • For "SCIM connector base URL" type "https://scim.rowzero.io/scim/v2"
    • For "Unique identifier field for users" type "userName"
    • For "Supported provisioning actions" select "Push New Users", "Push Profile Updates", and "Push Groups"
    • For "Authentication Mode" select "HTTP Header"
    • For "Authorization" enter the token provided to you by Row Zero
    • Click the "Test Connector Configuration" button and verify success
    • Click the "Save" button scim okta saml settings

Step 3: Enable User Provisioning Features

  1. In the “Row Zero” application, under the “Provisioning” tab, select “Settings —> To App”: scim okta provisioning app
  2. Click the “Edit” link, and select “Create Users”, “Update User Attributes”, and “Deactivate Users” checkboxes: scim okta sync profile
  3. Click the “Save” button: scim okta save button
  4. On the same page, under “Row Zero”, click on the “Go to Profile Editor” button: scim okta go to profile editor
  5. Under the “Attributes” section click on the “Mappings” button: scim okta plus mappings
  6. Select the “Okta User to Row Zero” tab: scim okta to row zero
  7. Select “Do not map” for every mapping other than “userName” and “displayName”: scim okta mappings
  8. Click the “Save Mappings” button: scim okta mappings
  9. Click the "Apply Updates" button

Step 4: Assign Groups and Users

  1. Navigate back to “Applications” → “Applications” and click on the “Row Zero 2.0 App (OAuth Bearer Token)” application: scim okta row zero application
  2. Under the “Push Groups” tab press the “Push Groups” button and select “Find groups by name”: scim okta push groups
  3. Select the “Push group memberships immediately” checkbox, enter the group name(s) you’d like to sync to Row Zero, and when done click the “Save” button: scim okta push groups selection
  4. Under the “Assignments” tab press the “Assign” button and select “Assign to People” for any user in your application that could possibly use Row Zero in order to activate type ahead completion in the secure sharing feature:
    • Note: If Okta makes you populate the “Given name” and “Family name” attributes when assigning the user, populate them with relevant values; ultimately these will be ignored by Row Zero in favor of the display name. scim okta assign users
  5. Under “Assignments” tab press the “Assign” button and select “Assign to Groups” and assign any of the groups defined under the “Push Groups” tab:
    • Note: The “Push Groups” tab tells Okta to sync the group records but not the group membership, the “Assignments” tab in relation to groups tells Okta to sync the members of the group. scim okta assign groups