Okta SCIM Provisioning
This feature is only available if your organization is on a Business or Enterprise plan. This feature is not available on Trial plans.
- Create users
- Deactivate users
- Push groups
- Import groups
Okta SCIM provisioning requires:
- A subscription to Sentry Business Plan or higher.
- Configuration of SAML SSO for Okta as documented here, or use the Okta sign-on tab in your Sentry Okta application to configure SAML.
- Selection of Email for the Application username format in the Sign On application tab in Okta.
- Sign in to sentry.io. Select Settings > Auth
- Under General Settings select "Enable SCIM", then "Save Settings" Sentry will display "SCIM Information" that contains your Auth Token and SCIM Base URL.
Sign in to your Okta organization with your administrator account. From the admin console's sidebar, select Applications > Applications, then select the existing Sentry application.
Select "Enable API Integration", enter the SCIM URL from the auth settings page as the Base URL field. For the API Token, copy the Auth Token value from the auth settings page.
Select "Test API Credentials", and confirm the message "the app was verified successfully" displays.
Select "Save" to be directed to SCIM App settings.
Enable both "Create Users" and "Deactivate Users", then "Save" your changes.
As a result of these changes, users who are assigned will be sent an invitation email. When a user is un-assigned, their membership object in Sentry will be deleted.
You can use "Push Groups" to sync and assign groups in Okta; they will be reflected in Sentry teams.
- Sentry does not currently support setting any User attributes other than
- The Import Users feature is not currently supported. Sentry's SCIM API does not at this time support the User
lastName. Instead, we return these with values of
N/Afor compatibility purposes.
falseon a User will delete the organization member record associated with the user.
- The only filter operation supported for resources is
- When provisioning a new team, Sentry will both normalize and convert the team
displayNameuppercase to lowercase, and convert spaces to dashes.
- The GET /Groups endpoint will return a maximum of 10000 members in a group, see SCIM API documentation for more information.