Search for anything

Configure SCIM with Okta

Last Updated February 5, 2026
Share Article Copy link to clipboard

WalkMe Products

WalkMe Learning Arc

Brief Overview

WalkMe supports SCIM (System for Cross-domain Identity Management) provisioning through Okta. You can use either the WalkMe Okta App or the SCIM 2.0 Test App (Header Auth) to automatically add and remove users in your organization.

Note

You must be a WalkMe Admin to enable SCIM for your organization.

How It Works

There are two ways to set up SCIM:

  1. Okta app
  2. SCIM 2.0 Test App (Header Auth)

Use Okta app

WalkMe is available as an app in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

Supported features

The following features are supported:

  • Create users
  • Update user attributes
  • Deactivate users
  • Group push

Before you start

  1. Add the WalkMe app in Okta
  2. Set up Okta SSO for your WalkMe account

Step 1: Enable SCIM in WalkMe

  1. Sign in to the WalkMe Admin Center
  2. Go to IDP Integrations select SCIM Integration
  3. Select + Create SCIM Integration
  4. In the Create SCIM integration panel, enter the following:
    1. Integration Name: Enter a descriptive name for the integration, for example: Production, Staging, Okta Integration
    2. Authorization Type: This is preset to Basic Authentication and can't be changed
  5. Select Generate Details
  6. A popup opens displaying the SCIM credentials generated for this integration:
    1. SCIM base URL: The endpoint URL used to configure SCIM in your identity provider
    2. Username: The auto-generated username for authentication
    3. Password: The auto-generated password for authentication
      Note

      The password is shown only once, after closing the popup, it can't be retrieved. If you lose the password, you must delete the integration and create a new one.

  7. Copy the credentials and keep them available for the Okta setup
  8. Select Done to complete the SCIM integration setup in WalkMe

Step 2: Configure API Integration

  1. In Okta, open the WalkMe app
  2. Go to Provisioning and select Configure API Integration
  3. Select Enable API Integration
  4. Enter the following:
    1. Base URL: This field is read-only and will be automatically populated based on the Region selected during the initial application configuration
    2. API Token: Enter your SCIM API key from WalkMe Admin Center (The API should be Basic <base64(user:password>)
  5. Select Test API Credentials
  6. If successful, a verification message appears

    Note

    If the verification fails, make sure SCIM is enabled, the API key is correct, and the tenant region (US or EU) matches. If the issue continues, contact WalkMe Support.

  7. Click Save

Step 3: Set provisioning features

The WalkMe Okta app supports the provisioning features listed in the WalkMe SCIM Provisioning Overview.

To turn these features on or off, do the following:

  1. In Okta, open the WalkMe app
  2. Select To App on the left panel
  3. Select Edit
  4. Enable or disable the features you need
  5. Select Save

Note

Learn how to assign users below.

Use the SCIM 2.0 Test App (Header Auth)

If you prefer to set up SCIM manually, you can use the SCIM 2.0 Test App (Header Auth) in the Okta Integration Network.

Note

We recommend using the WalkMe Okta App for easier setup.

Before you start

  1. Set up Okta SSO for your WalkMe account

Step 1: Enable SCIM in WalkMe

  1. Enable the SCIM in WalkMe and generate a SCIM API key as described above

Step 2: Add SCIM 2.0 Test App (Header Auth) in Okta

  1. Open the Okta Admin Console in a new tab
  2. Go to Applications and select Browse App Catalog
  3. Search for SCIM 2.0 Test App (Header Auth)
  4. Select Add Integration
  5. Enter a name for the app and select Next, then Done

Step 3: Configure API Integration

  1. In Okta, open the SCIM 2.0 Test App (Header Auth)
  2. Go to Provisioning and select Configure API Integration
  3. Select Enable API Integration
  4. Enter the following:
    1. Base URL
      1. For US tenants: https://papi.walkme.com/deepui/api/scim/v2
      2. For EU tenants: https://eu-papi.walkme.com/deepui/api/scim/v2
    2. API Token: Enter your SCIM API key from WalkMe Admin Center
  5. Select Test API Credentials to verify
  6. Select Save

Step 4: Set provisioning features

The SCIM 2.0 Test App supports the same provisioning features listed in the WalkMe SCIM Provisioning Overview. The app supports creating, updating, and deactivating users, as well as syncing group data.

To turn these features on or off, do the following:

  1. In Okta, go to SCIM 2.0 Test App (Header Auth)
  2. Select Provisioning and then select To App on the left panel
  3. Select Edit
  4. Enable the following features:
    1. Create Users
    2. Update User Attributes
    3. Deactivate Users
  5. Select Save
  6. In the Attribute Mappings section make sure only the following are mapped (remove other attributes if present):
    1. Username
    2. Given Name
    3. Family Name

Assign users to WalkMe in Okta

We recommend syncing groups from Okta to keep permissions and memberships updated.

To assign users or groups to WalkMe:

  1. Sign in to the Okta Admin Console
  2. Go to Applications and select the WalkMe app
  3. Select Assignments
  4. Select Assign, then Assign to People or Assign to Groups
  5. Search for users or groups and select Assign

Push groups from Okta to WalkMe

You can use group push to sync Okta groups with WalkMe.

You can link an existing WalkMe group to an AD or Okta group.

  1. In Okta, open the WalkMe app
  2. Go to Push Groups and select By Name
  3. Search for an existing WalkMe group and select Link Group
  4. Turn on Push group membership immediately
  5. Select Save
  6. Confirm the group status is Active

Create a new WalkMe group

To create a new group in WalkMe using an Okta or AD group:

  1. In the Okta Admin Console, open the WalkMe app
  2. Go to Push Groups and select By Name
  3. Enter a group name and select Create Group
  4. Turn on Push group membership immediately
  5. Select Save
  6. Confirm the group appears as Active under the All tab

Troubleshooting

Base URL issues

  • Ensure the correct region (US or EU) is selected in the General tab
  • The Base URL is read-only in the Provisioning tab and is automatically updated based on the selected region
  • If you see a routing error, verify your WalkMe tenant's physical location

Authentication errors (401 Unauthorized)

  • WalkMe uses Basic Authentication disguised as a token for this integration
    • In Okta, the API Token field must contain the credentials generated in the WalkMe Admin Center
    • If the connection fails, verify that you copied the correct username and password from the WalkMe SCIM settings

Attribute mapping issues

  • If specific user fields are not syncing, go to Provisioning > To App and review the attribute mappings
  • Ensure that the WalkMe target attributes are mapped to the corresponding Okta user profile fields

User not created

  • Check the Okta System Logs for specific error codes
  • Common issues include:
    • Missing mandatory fields (such as email or username)
    • Uer already existing in WalkMe with the same identifier

Was this article helpful?

Yes No
Yes
No
Thanks for your feedback!

WalkMe Products

WalkMe Learning Arc

Related Articles

Be part of something bigger.

Engage with peers, ask questions, share ideas

Ask the Community
×