Configure SCIM with Okta

Brief Overview

WalkMe supports SCIM (System for Cross-domain Identity Management) provisioning through Okta. You can use either the WalkMe Okta App or the SCIM 2.0 Test App (Header Auth) to automatically add and remove users in your organization.

How It Works

There are two ways to set up SCIM:

1. Okta app
2. SCIM 2.0 Test App (Header Auth)

Use Okta app

WalkMe is available as an app in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

Before you start

1. Add the WalkMe app in Okta
2. Set up Okta SSO for your WalkMe account

Step 1: Enable SCIM in WalkMe

1. Sign in to the WalkMe Admin Center
2. Go to IDP Integrations select SCIM Integration
3. Select + Create SCIM Integration
4. Enter the following details:
   1. Integration Name: Enter a descriptive name for the integration, for example: Okta SCIM
   2. Authorization Type: Select Basic Authentication
   3. User Name: Enter the username that will be used by Okta for authentication
   4. Password: Enter a strong password that will be your SCIM API key
5. Select Create

Step 2: Configure API Integration

1. In Okta, open the WalkMe app
2. Go to Provisioning and select Configure API Integration
3. Select Enable API Integration
4. Enter the following:
   1. Base URL
      1. For US tenants: https://papi.walkme.com/deepui/api/scim/v2
      2. For EU tenants: https://eu-papi.walkme.com/deepui/api/scim/v2
   2. API Token: Enter your SCIM API key from WalkMe Admin Center (The API should be Basic <base64(user:password>)
5. Select Test API Credentials
6. If successful, a verification message appears
   Note

   If the verification fails, make sure SCIM is enabled, the API key is correct, and the tenant region (US or EU) matches. If the issue continues, contact WalkMe Support.

7. Click Save

Step 3: Set provisioning features

The WalkMe Okta app supports the provisioning features listed in the WalkMe SCIM Provisioning Overview.

To turn these features on or off, do the following:

1. In Okta, open the WalkMe app
2. Select To App on the left panel
3. Select Edit
4. Enable or disable the features you need
5. Select Save

Use the SCIM 2.0 Test App (Header Auth)

If you prefer to set up SCIM manually, you can use the SCIM 2.0 Test App (Header Auth) in the Okta Integration Network.

Before you start

1. Set up Okta SSO for your WalkMe account

Step 1: Enable SCIM in WalkMe

1. Sign in to the WalkMe Admin Center
2. Go to IDP Integrations select SCIM Integration
3. Select + Create SCIM Integration
4. Enter the following details:
   1. Integration Name: Enter a descriptive name for the integration, for example: Okta SCIM
   2. Authorization Type: Select Basic Authentication
   3. User Name: Enter the username that will be used by Okta for authentication
   4. Password: Enter a strong password that will be your SCIM API key
5. Select Create

Step 2: Add SCIM 2.0 Test App (Header Auth) in Okta

1. Open the Okta Admin Console in a new tab
2. Go to Applications and select Browse App Catalog
3. Search for SCIM 2.0 Test App (Header Auth)
4. Select Add Integration
5. Enter a name for the app and select Next, then Done

Step 3: Configure API Integration

1. In Okta, open the SCIM 2.0 Test App (Header Auth)
2. Go to Provisioning and select Configure API Integration
3. Select Enable API Integration
4. Enter the following:
   1. Base URL
      1. For US tenants: https://papi.walkme.com/deepui/api/scim/v2
      2. For EU tenants: https://eu-papi.walkme.com/deepui/api/scim/v2
   2. API Token: Enter your SCIM API key from WalkMe Admin Center
5. Select Test API Credentials to verify
6. Select Save

Step 4: Set provisioning features

The SCIM 2.0 Test App supports the same provisioning features listed in the WalkMe SCIM Provisioning Overview. The app supports creating, updating, and deactivating users, as well as syncing group data.

To turn these features on or off, do the following:

1. In Okta, go to SCIM 2.0 Test App (Header Auth)
2. Select Provisioning and then select To App on the left panel
3. Select Edit
4. Enable the following features:
   1. Create Users
   2. Update User Attributes
   3. Deactivate Users
5. Select Save
6. In the Attribute Mappings section make sure only the following are mapped (remove other attributes if present):
   1. Username
   2. Given Name
   3. Family Name

Assign users to WalkMe in Okta

We recommend syncing groups from Okta to keep permissions and memberships updated.

To assign users or groups to WalkMe:

1. Sign in to the Okta Admin Console
2. Go to Applications and select the WalkMe app
3. Select Assignments
4. Select Assign, then Assign to People or Assign to Groups
5. Search for users or groups and select Assign

Push groups from Okta to WalkMe

You can use group push to sync Okta groups with WalkMe.

Link an existing WalkMe group

You can link an existing WalkMe group to an AD or Okta group.

1. In Okta, open the WalkMe app
2. Go to Push Groups and select By Name
3. Search for an existing WalkMe group and select Link Group
4. Turn on Push group membership immediately
5. Select Save
6. Confirm the group status is Active

Create a new WalkMe group

To create a new group in WalkMe using an Okta or AD group:

1. In the Okta Admin Console, open the WalkMe app
2. Go to Push Groups and select By Name
3. Enter a group name and select Create Group
4. Turn on Push group membership immediately
5. Select Save
6. Confirm the group appears as Active under the All tab