Okta Directory Service (SCIM 2.0)

The Okta directory service integration is one of our most popular. Once integrated, Okta will (periodically and on certain changes) push your Okta account's users and groups to Border0. Border0's users and groups will be synchronized with Border0 taking into account name or email changes for users, and name or membership changes for groups.

Integration Instructions

  • [1] Select "Team" from the Border0 menu (left-side pane) on the Portal
  • [2] Select "Directory Services" from the Organization Settings page
  • [3] In this page you will find a table where each row represents a directory service. Click on the "+ Add Directory Service" button
  • [4] Select the "Okta SCIM 2.0" option
  • [5] Give your directory service a friendly display name
  • [6] Click submit
  • [7] Upon creation of your new directory service, a token will be created. This token will be used by Okta to authenticate itself against your Border0 organization. The token is only allowed to manage users and groups associated with this specific integration. You may copy the token to your clipboard for later use by clicking the "Copy Token" button. Note that we won't use this token until later, so you may want to avoid navigating away.
  • [8] In a new browser tab navigate to https://{YOUR_OKTA_DOMAIN}-admin.okta.com where YOUR_OKTA_DOMAIN represents your own Okta organization's domain. Click on the Applications option on the left side drawer.
  • [9] From there, click on the "Browse App Catalog" button
  • [10] In the App Catalog, search for "SCIM 2.0 OAuth"
  • [11] Select the "SCIM 2.0 Test App (OAuth Bearer Token)" option
  • [12] On the next page, click on + Add Integration
  • [13] Give your application a name that identifies it as Border0. We also recommend ticking off the "Do not display application icon to users" option.
  • [14] On the next page, leave all settings as they are. The bottom of the page should look the same as below
  • [15] Once on the new application page, click on the provisioning tab, and click on the "Configure API Integration" button, you should enter the SCIM 2.0 Base URL https://api.border0.com/api/v1/scim and the directory service token you got in step (7) from the Border0 portal. We recommend ticking "Import Groups" if you only wish to push Okta groups to Border0 and not vice versa.
  • [16] When you click "Save", more options will appear on the page. Click "edit" and tick on (enable) the 3 options below. Click save after you have toggled them on.
  • [17] Next you should navigate to the "Assignments" tab where you can assign users and groups to the application. This will only push users assigned individually or who are members of the assigned groups. In order to push groups, you should navigate to the "Push Groups" tab, where you will be able to push groups (including their memberships).


Need more help?

If you have any questions or suggestions on how we could improve our documentation, send us an email at [email protected]