Skip to main content
All CollectionsSecurity & PrivacySecurity
Configure SCIM Provisioning with Okta
Configure SCIM Provisioning with Okta

Provision new users and manage their accounts using Okta as your identity provider.

Colin Bentley avatar
Written by Colin Bentley
Updated over a month ago

This article provides the steps required to configure SCIM Provisioning using Intercom’s Okta app.

Supported Features

  • Import users

    • Users already present in Okta will be created in Intercom.

  • Sync password

    • Users' passwords can be synced from Okta to Intercom.

  • Push New Users

    • New users created through Okta will also be created in Intercom.

  • Push Profile Updates

    • Updates made to the user's profile through Okta will be pushed to Intercom.

  • Push User Deactivation

    • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Intercom.

  • Reactivate Users

    • User accounts can be reactivated in the application.


Important notes💡

  • Teammates in Intercom today can be one of two states; active or deleted. Intercom does not support any soft-deleted/de-activated/archived state for teammates.

  • Where a teammate is not active in your identity provider, this teammate's account will be deleted from the Intercom workspace.

  • Intercom considers email addresses as case insensitive.

  • SCIM Provisioning is only available with certain Intercom plans. See our plans and pricing here.


Requirements

In Okta, please ensure your password policy requires at least 10 characters. To change this, please visit the Authentication section within Security settings.

In Intercom, Before you configure SCIM provisioning, you must first configure SAML SSO.

Then, you must follow the setup steps below. The following items will be provided by Intercom in your security settings:

  • SCIM 2.0 Base URL

  • API Token


Installing the Okta App

In Okta,

  1. Open Applications

  2. Select Browse App Catalog

SCIM Configuration Steps

In Okta,

On the Provisioning tab:

1. Check the Enable provisioning features box

2. Click on Configure API Integration

3. In Intercom, follow the configuration steps outlined here in your Intercom workspace here.

4. In Okta,

Check Enable API integration,

Enter the Base URL and API Token provided from the Intercom workspace,

Click Test API Credentials.

5. A success message should appear.

6. Click Save

7. Select To App in the left panel then click Edit

8. Enable Create users

9. Enable Update User Attributes

10. Enable Deactivate Users

11. Enable Sync Password (optional)

12. Click Save

Note: You must select Email for the Application username format on the Sign On application tab in Okta because the SCIM userName attribute value for this app follows an email address format.


Select users to be provisioned in Intercom

The Assignments tab will let you provision your Okta users to Intercom. The Assignments tab will not send any group to Intercom. It will only provision users inside groups.


Troubleshooting

Please start a conversation in the messenger or email team@intercom.com if you encounter any issues.


💡Tip

Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts


Did this answer your question?