Okta SCIM integration

In this article

Learn more about the Okta employee provisioning integration and how it can automatically sync employees into your Envoy directory.

To learn more about single sign-on, read our SAML guide.

How does this integration work?

If your team uses Okta for employee provisioning, you can use this integration to automatically keep your Envoy employee directory up to date. The SCIM push-based system treats the Okta directory as your source of truth. When changes are made in Okta, they push immediately to Envoy, so you don’t have to worry about the Envoy employee directory being out of sync with Okta.

Note: You can manually create new employees or add employees from other locations while maintaining your directory sync. This feature is helpful for contractors, temps or other people who may host visitors/receive deliveries but are not core team members. Learn more about manually adding employees.

A few notes on SCIM

The SCIM standard enables advanced provisioning in order to automate user lifecycle management for an application, including account creation, profile updates, authorization settings, and account deactivation.

Enabling the Envoy + Okta employee provisioning integration

Note: You’ll need to have Okta application administrator privileges or higher to complete this integration. To learn more about Okta’s administrator role structure, please view their admin guide. Either become an admin or ask your admin in IT for help before completing these steps:

Step one: Prepare to enable the Envoy + Okta employee provisioning integration (with SCIM)

Decide whether you’d like to sync all users to all locations or sync specific users per location. This will impact how you set up the integration.

Step two: Enable the Envoy + Okta employee provisioning (with SCIM) integration

Note: You’ll need to be an admin on your Okta account to complete this integration. Either become an admin or ask your admin for help before completing these steps:

  1. Go to your Integrations page.
  2. Under Employee directory, find the Okta logo and click “Install.”

Step three: Choose an employee sync filter

When you connect an Okta account, you have two options on how to sync employees to your directory. Choose the one that’s right for you:

  • Sync all employees: This is good for companies with one location, or if you prefer to have the same master Envoy employee directory at all locations within your company. 
  • Sync specific employees per location: Choose this option if you’d like to sync certain Okta users to certain locations (i.e., creating different Envoy employee directories per location). You can filter employees by location in Envoy based on available filters sent from Okta, which are currently “city” and “locale.” 

Step four: Configure Okta settings

  1. In your Okta account, request a new application for Envoy. To do this, you’ll need to be an Okta admin. Okta
  2. Go to the Okta provisioning page, and click “Enable Provisioning.”
  3. Copy the Oauth Bearer Token from Envoy and enter it in the API Token field in Okta.
    1. Make sure that “Create Users,” “Update User Attributes,” and “Deactivate Users” are all set to enable (box checked).
    2. Click “Save” at the bottom of the Okta provisioning page. Okta
  4. Go to the Okta groups page.
  5. Click “Assign to Groups,” and select all employees you’d like to sync to the Envoy employee directory.
    • We recommend selecting “Everyone,” but you can also assign individual employees from the Okta people page.Okta
  6. Navigate back to the Envoy Employee directory > All employees and refresh. Your employees should have imported automatically.

Important notes

Regarding adding employees

  • With the Okta integration enabled, you cannot add employees manually. Please let us know if you’d like the ability to sync and add one-off employees manually.
  • When updating or adding employees, Envoy will match based on the primary email address listed for the Okta user. If the primary email address is not found in Envoy, a new employee will be added to the Envoy employee directory.

Regarding employee contact information

  • The primary email address and phone number listed in Okta will be the email address and phone number listed in the Envoy employee directory.
  • If an Okta user does not have a primary email address, they will not be synced to the Envoy employee directory.

Regarding assistants

  • With Envoy, you can assign assistants that receive host notifications either on behalf of or in addition to their executive. 
  • The Okta employee provisioning integration lets you configure your assistant setting within Okta, saving you from manually assigning assistants within Envoy. Learn more about automatically assigning assistants.