Skip to main content

Okta Setup Guide

  • Updated

 

Please follow the steps below to set up SCIM (System for Cross-domain Identity Management) to provision users in Wisq. Once connected, user provisioning will be automatically managed based on assignments in Okta. If you have any questions about these steps, please contact your Wisq Agent Strategist for assistance.

Prerequisites

Before you begin, ensure you have:

  • Admin access to your Okta tenant

You will be provided the following by Wisq via Proton Mail:

  • SCIM connector base URL
  • Client ID
  • Client Secret
  • SCIM Username
  • SCIM Password
  • Access token endpoint URI
  • Authorization endpoint URI

Setup Steps

1. Enable SCIM Provisioning in Okta

  • Log into your Okta Admin Console
  • Navigate to ApplicationsApplications
  • Find and click on your Wisq application
  • Click on the General tab
  • In the Provisioning section, click Edit
  • Select SCIM as the provisioning method
  • Click Save

2. Configure SCIM Provisioning

  • Navigate to Provisioning > Integration
  • Click Edit in the SCIM Connection section
  • Enter the provided SCIM connector base URL
  • Select OAuth 2 for the authentication mode
  • Set the Unique identifier field for users to userName
  • Check Push New Users and Push Profile Updates
  • Set Authentication Mode to OAuth 2

3. Configure OAuth 2 Authentication

  • Enter the provided Access token endpoint URI
  • Enter the provided Authorization endpoint URI
  • Enter the provided Client ID 
  • Enter the provided Client Secret
  • Click Save

4. Authenticate the SCIM Connection

  • After clicking Authenticate with Wisq a pop up window will appear asking you to log in. Enter the credentials provided via Proton
  • Click Sign in
  • If prompted, click Allow or Authorize to grant permissions. You should see a success message confirming the connection

5. Enable Provisioning Actions

  • In the Provisioning tab, click To App in the left sidebar
  • Click Edit in the provisioning settings
  • Enable Create Users, Update User Attributes, Deactivate Users
  • Click Save

6. Define Mappings

Okta will auto-map common fields (e.g., userName, givenName, familyName, email, etc). The more info you send via SCIM, the better equipped Harper is at answering user questions. We recommend sharing these standard attributes:

  • First name (Given Name)
  • Last name (Family Name
  • Email (Primary Email)
  • Job title (Title)
  • Street Address (addresses.streetAddress)
  • City (addresses.locality)
  • State (addresses.region)
  • Country Code (addresses.country)
  • Cost Center (user.costCenter)
  • Full Time / Part Time (user.userType)

In Provisioning > To App you’ll see Attribute Mappings. Please verify all the attributes above are present, and add them if any are missing.

7. (Optional) Custom Attributes

If you’d like to send additional user attributes to Wisq via SCIM, you can add custom attributes to the Wisq app profile in Okta and map them to Wisq using the following SCIM extension format:

urn:ietf:params:scim:schemas:extension:wisq:1.0:User:$CustomAttribute

Replace $CustomAttribute with your custom attribute name (for example: employeeId, departmentCode, managerEmail, etc.).

1. Add the custom attribute(s) to the Wisq App User Profile

  • Navigate to Directory > Profile Editor 
  • Find and select your Wisq application 
  • Click Profile 
  • Click Add Attribute 
  • Create the attribute: 
    • Display name: (human-friendly label, e.g., “Employee ID”) 
    • Variable name: (Okta internal name, e.g., employeeId) 
    • Type: string (or the appropriate type) 
    • External name: (Example) urn:ietf:params:scim:schemas:extension:wisq:1.0:User:employeeId 
    • Cllick Save

Repeat for each custom attribute you want to send to Wisq.

2. Map Okta user attributes to the Wisq app attributes

  • Open the Mappings for the Wisq app 
  • Select the mapping direction Okta User → Wisq 
  • For each custom attribute you added: 
    • Map it from the appropriate Okta user field
    • or Use an Okta expression if needed (for example, to transform a value) 
  • Click Save Mappings

3. Verify SCIM is updating profiles

  • Navigate to Applications → Applications → Wisq → Provisioning → To App 
  • Confirm Push Profile Updates / Update User Attributes is enabled 
  • Assign (or re-assign) a test user to the Wisq app and confirm the custom attributes appear in Wisq.

Custom attributes will only be sent if they are added to the Wisq app profile and mapped (adding them without mapping won’t send them). If you update the mapping, make sure profile updates are enabled so Okta will push changes to Wisq.