Skip to main content

How to Enable SCIM 2.O Provisioning with Okta

Enable automatic user syncing between Okta and AutoRFP

Saul Bard avatar
Written by Saul Bard
Updated this week

Article Summary

SCIM (System for Cross-domain Identity Management) provisioning enables automatic user creation, updates, and deactivation between Okta and AutoRFP. Once configured, changes you make to users in Okta automatically sync to AutoRFP without manual intervention.

Estimated Time

15-20 minutes

Prerequisites

Before you begin, ensure you have:

Step-by-Step Instructions

Part 1: Connect SCIM

At this point you should already have a SAML application for AutoRFP.ai in Okta. If you haven't done this yet, see How to Configure SAML SSO with Okta.

Part 2: Connect SCIM to Your Okta App

Step 1: Enable Provisioning in Okta

  1. In Okta, open your AutoRFP SAML application

  2. Click the General tab

  3. Click Edit in the App Settings section

  4. Under Provisioning, select SCIM

  5. Click Save

You should now see a Provisioning tab appear in your AutoRFP app.

Step 2: Configure SCIM Connection Settings

  1. Click the Provisioning tab

  2. Click Edit in the SCIM Connection section

  3. Enter your SCIM connector base URL based on your AutoRFP region:

    • app.autorfp.aihttps://api.autorfp.ai/scim/v2

    • eu.autorfp.aihttps://api.eu.autorfp.ai/scim/v2

    • us.autorfp.aihttps://api.us.autorfp.ai/scim/v2

  4. Set Unique identifier field for users to userName

  5. Under Supported provisioning actions, select:

    • ☑️ Push New Users

    • ☑️ Push Profile Updates

  6. Set Authentication Mode to OAuth 2

  7. Set Grant Type to Client Credentials

  8. Enter your Token Endpoint URI based on your AutoRFP region:

    • app.autorfp.aihttps://api.autorfp.ai/oauth/token

    • eu.autorfp.aihttps://api.eu.autorfp.ai/oauth/token

    • us.autorfp.aihttps://api.us.autorfp.ai/oauth/token

  9. Paste your Client ID (generated in AutoRFP)

  10. Paste your Client Secret (generated in AutoRFP)

  11. Click Save

Step 3: Test SCIM Connection

  1. Click Test Connector Configuration

  2. Verify you see a green confirmation message indicating successful connection

If the test fails, double-check your credentials and base URL match your AutoRFP region.

Part 3: Configure SCIM Provisioning Features

Step 1: Enable Provisioning Actions

  1. Stay in the Provisioning tab

  2. Select To App from the left-side menu

  3. Click Edit in the Provisioning to App section

  4. Toggle ON the following features:

    • ☑️ Create Users - New Okta users automatically created in AutoRFP

    • ☑️ Update User Attributes - Profile changes in Okta sync to AutoRFP

    • ☑️ Deactivate Users - Deactivated Okta users lose AutoRFP access

  5. Click Save

Step 2: Configure Attribute Mappings

AutoRFP only supports updating specific user fields via SCIM. While Okta may show additional attributes, AutoRFP's SCIM server will ignore unsupported fields.

We only support updating the following fields:

  • First Name

  • Last Name

  • Username (Email)

  • Job Title

  • Active Status

There is no need to remove all the other attributes since our SCIM server will just ignore them. There is one attribute that is Read Only that we need to set up

Set DisplayName to Read-Only:

  1. In the To App tab, scroll to the Attribute Mappings section

  2. Locate the displayName attribute

  3. Click the pencil icon to edit

  4. Change Apply On from "Create and update" to Create only

  5. Click Save

This ensures DisplayName is only set during initial user creation, not on every sync.

💡 Tips & Best Practices

  • Test the connection before enabling provisioning features

  • Start with a small pilot group to verify sync is working correctly

  • Document your region-specific URLs for future reference

  • Verify your AutoRFP region URL before entering SCIM and token endpoints

✋🏼 Common Mistakes to Avoid

  • Using the wrong regional URL (app vs. eu vs. us)

  • Entering incorrect Client ID or Client Secret

  • Forgetting to set userName as the unique identifier

  • Not testing the connection before enabling provisioning features

  • Not setting displayName to "Create only"

Need Help?

💬 Live Chat: Available in-app

📧 Email: [email protected] or contact your Success Manager directly for urgent support.

📚 Learning Centre: learn.autorfp.ai/en

Related Articles
How to Configure SAML SSO with Okta
How to Configure IDP-Initiated SSO in Okta
How to Integrate with Salesforce
How to Activate SCIM in AutoRFP
How to Enable SCIM 2.0 Provisioning with Microsoft Entra ID
Did this answer your question?