All Collections
Admin Settings
Okta SSO Configuration
Okta SSO: Applying SCIM Provisioning
Okta SSO: Applying SCIM Provisioning
Written by Rachel DeMarco
Updated over a week ago

SCIM (System for Cross-domain Identity Management) is an SSO authentication protocol that Agora supports.

To apply SCIM provisioning for Okta SSO configuration:

  1. Navigate to the Provisioning tab and click Configure API Integration.

  2. Check the Enable API integration box.

  3. Navigate to Agora, keeping Okta open in another tab.

  4. On the bottom-left of your Agora dashboard, click Settings.

  5. Navigate to Organization > API Keys, keeping Okta open in another tab.

  6. To create an API Key:

    1. Click New Key.

    2. Enter the Key Description.

    3. Click Create. Once the key is generated and you exit out of this page, you can't retrieve the API key again. If you lose or forget your API key, repeat steps 1-6 to create a new key and deactivate the old one.

  7. To deactivate an API key:

    1. Click the Deactivate button associated with the relevant API Key.

    2. From the confirmation window, click Deactivate.

  8. Copy your API key by clicking the Copy icon.

  9. Navigate back to Okta.

  10. Paste the API Key in the API Token field.

  11. To test the API key, click Test API Credentials.

  12. Once the provisioning of the API key is confirmed, click Save.

  13. You will be brought to the To App tab. Within the Provisioning to App section:

    1. Click Edit.

    2. To enable the creation of users in Agora when assigning the app via Okta, check the Enable box associated with Create Users. Users created with this feature will have no permissions set in Agora by default. In order to assign those users to the correct permission groups, see step 4dii under Okta SSO: Assigning Users.

    3. To enable Okta to update a user’s attributes in Agora when the app is assigned, check the Enable box associated with Update User Attributes. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in Agora.

    4. To enable Okta to deactivate a user’s Agora account when they are unassigned via Okta or their Okta account is deactivated, check the Enable box associated with Deactivate Users. Users deactivated with this feature will still exist in Agora in a disabled state and can continue to be found in the Users page within Settings. For more information, see User Level Permissions.

    5. Click Save.

      Note: The following features are not supported: Group Provisioning, meaning groups from Okta will not be propagated into Agora, and Group Importing, meaning groups and permissions from Agora will not be propagated into Okta.

Did this answer your question?