SCIM
Gentrace supports SCIM for user provisioning. We support any SCIM provider via a custom configuration, and test against Okta in particular.
Gentrace only supports SCIM for user provisioning. Group provisioning is not supported, as Gentrace does not have a concept of groups yet.
Setup
Generally, SCIM setup is quite simple.
After setting up SSO, navigate to security settings and create a SCIM key.
Then, use our SCIM server (base URL: https://gentrace.ai/api/scim/v2) and Bearer authentication with the SCIM key to provision users.
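The requests a custom SCIM provider would send to the endpoint above, as an added example (not Gentrace's own code): it builds, without sending, the standard SCIM 2.0 create and deactivate calls with the Bearer key. The /Users paths and payload shapes follow RFC 7643/7644 and are assumed to match what Gentrace accepts; GENTRACE_SCIM_KEY and the sample address are hypothetical.

```python
import json
import os
import urllib.request

# Base URL is from the page; the /Users paths and payload shapes are the
# standard SCIM 2.0 ones (RFC 7643/7644), assumed to apply to Gentrace.
SCIM_BASE = "https://gentrace.ai/api/scim/v2"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def _request(method, path, body, scim_key):
    """Build (not send) a SCIM request with Bearer authentication."""
    if not scim_key:
        raise ValueError("SCIM key is empty; refusing to build an unauthenticated request")
    return urllib.request.Request(
        SCIM_BASE + path, data=json.dumps(body).encode("utf-8"), method=method,
        headers={"Authorization": "Bearer " + scim_key,
                 "Content-Type": "application/scim+json"})


def create_user_request(email, scim_key):
    """POST /Users: userName is the unique identifier and carries the email."""
    body = {
        "schemas": [USER_SCHEMA],
        "userName": email,
        "emails": [{"value": email, "primary": True}],
        "active": True,
    }
    return _request("POST", "/Users", body, scim_key)


def deactivate_user_request(user_id, scim_key):
    """PATCH /Users/{id}: deprovision by setting active to false."""
    body = {
        "schemas": [PATCH_SCHEMA],
        "Operations": [{"op": "replace", "value": {"active": False}}],
    }
    return _request("PATCH", "/Users/" + user_id, body, scim_key)


if __name__ == "__main__":
    # Keep the key out of source control; GENTRACE_SCIM_KEY is a hypothetical name.
    key = os.environ.get("GENTRACE_SCIM_KEY", "constructed-placeholder-key")
    req = create_user_request("alice@example.com", key)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned object to urllib.request.urlopen sends it; the user id for the deactivate call is the id value returned in the create response.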
Setup with Okta
Okta unfortunately does not allow OIDC and SCIM to be configured in the same application. You'll need to create two applications, one for OIDC and one for SCIM.
Learn more from Okta: SCIM and OIDC in Okta
Step 1: Create SCIM key
After setting up SSO, navigate to security settings and create a SCIM key.
Step 2: Create SAML application in Okta (SAML will not be used)
Create a new SAML application in Okta.
We won't actually use the SAML settings; this just allows us to get to SCIM setup.
The only setting that matters here is "Application username."
Fill in:
- Single sign-on URL: https://gentrace.ai (not used)
- Audience URI: test (not used)
- Application username: Email (actually matters)
Complete creation.
Step 3: Enable and configure SCIM
In your new Okta app, under "General," press "Edit" and then check the box for "Enable SCIM provisioning." Press "Save."
Navigate to the new "Provisioning" tab and press "Edit."
Fill out the following:
- SCIM connector base URL: https://gentrace.ai/api/scim/v2
- Unique identifier field for user: userName
- Supported provisioning actions: Import New Users and Profile Updates, Push New Users, Push Profile Updates
- Authentication Mode: HTTP Header
- Authorization (Bearer): Use the SCIM key from Gentrace
Press "Test Connector Configuration" to validate that the configuration is correct.
Then, press "Save."
Step 4: Configure SCIM "To App" settings
Under "To App", press "Edit", and change the following settings.
- Create Users: Enable, and ensure the "default username" is set to "Email."
- Update User Attributes: Enable.
- Deactivate Users: Enable.
- Sync Password: Do not enable.
Step 5: Add users to the app
You may now add and remove users from the application.
If you run into any issues, please get in touch at [email protected].