How to set up SCIM on Okta

IT departments are often responsible for managing many software products and applications for their organizations. IT admins need the ability to automatically sync user information for all the applications an employee may use. The System for Cross-domain Identity Management (SCIM) developed from this need as a way to reduce mistakes and inconsistencies between identity ecosystems.

What features are supported with SCIM

With SCIM enabled, you can:

  • add new users,
  • update user attributes,
  • map attributes to Calendly groups, and
  • deactivate users.

Before you start...

  • SCIM is only available for accounts on our Enterprise plan. 
  • SAML Single Sign-On (SSO) must be set up before SCIM can be set up. See How to configure Okta SAML SSO to learn more.

 

To set up SCIM for your organization with Okta’s identity security platform:

  1. Sign in to Okta.

  2. Go to Applications and select Applications.

  3. Search for the Calendly application and select it.

  4. Select the Sign On tab and ensure the Application username format is set to Email.


  5. Select Configure API Integration.

  6. Select Enable API integration.

  7. Sign in to calendly.com.

  8. Go to your Admin center, select Login, then select Single sign-on.

  9. Turn on SCIM Provisioning.

  10. Select Copy base URL and paste it into the Base Url field in Okta.

  11. In Calendly, select Generate bearer token, then select Copy token.

  12. Paste the token into the API Token field in Okta.

  13. Select Test API Credentials. You should see a success message. Then select Save.

  14. Select To App under Settings on the right.

  15. Select Edit.

  16. Select Enable for Create Users, Update User Attributes, and Deactivate Users. Then select Save.

  17. Under Attribute Mappings, remove all attributes except Username, Given name, Family name, Primary email, and Display name.


  18. Select the Assignments tab.

  19. Assign the people in your organization who should have access.

Assigning users to groups

For larger organizations, managing group membership in Calendly may require some level of automation. This can be achieved through SCIM by utilizing existing attributes of a user’s profile and mapping that value to a Calendly group. Read more about how to use groups here.

NOTE: Once you configure Map to groups, you will no longer be able to manage groups manually. This assumes user group membership is sourced from your identity provider.

  1. Create a new attribute with the following parameters:
    • Display name: Calendly group
    • External name (attribute): group
    • External namespace: urn:calendly:scim:schemas:2.0:User
    • Attribute type: User
  2. Create a new mapping from a source attribute of your choosing to the newly created attribute for provisioning.
  3. Once the mapping has been saved, provision a user to Calendly using your typical provisioning process.
  4. Inside your Calendly application, under Organization setting -> Single sign-on, click the optional Map to groups button.
  5. In the left column, type in the exact value(s) from your identity provider’s profile. 
  6. In the right column, either select an existing Calendly group or start typing to create a new group on the fly.

You can then Preview and Save your new provisioning!
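
An added example, not Calendly's or Okta's code: a Python check that audits a SCIM User payload against the settings above (an email-format username, only the five mapped attributes, and a group value under the urn:calendly:scim:schemas:2.0:User namespace that exactly matches a Map to groups entry). The RFC 7643 attribute names, the placement of group under the namespace key, and the sample payloads are assumptions constructed for illustration.

```python
import re

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643 core User schema
CALENDLY_EXT = "urn:calendly:scim:schemas:2.0:User"  # external namespace from the page
# Assumed SCIM names for the five mappings kept in step 17, plus protocol fields.
ALLOWED = {"schemas", "id", "externalId", "meta", "active", "userName",
           "name", "emails", "displayName", CALENDLY_EXT}
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def audit_scim_user(user, mapped_values):
    """Return findings for one SCIM User resource; an empty list means clean."""
    findings = []
    extra = sorted(set(user) - ALLOWED)
    if extra:
        findings.append("unexpected attributes: " + ", ".join(extra))
    extra_name = sorted(set(user.get("name", {})) - {"givenName", "familyName"})
    if extra_name:
        findings.append("unexpected name sub-attributes: " + ", ".join(extra_name))
    if not EMAIL.match(user.get("userName", "")):
        findings.append("userName is not an email address")
    primary = [e for e in user.get("emails", []) if e.get("primary")]
    if len(primary) != 1:
        findings.append("expected exactly one primary email")
    group = user.get(CALENDLY_EXT, {}).get("group")
    if group is None:
        findings.append("no group value under the Calendly namespace")
    elif group not in mapped_values:
        findings.append("group %r is not an exact Map to groups value" % group)
    return findings


# Constructed sample payloads, not captured traffic.
GOOD = {
    "schemas": [CORE, CALENDLY_EXT],
    "userName": "ana@example.com",
    "name": {"givenName": "Ana", "familyName": "Diaz"},
    "emails": [{"value": "ana@example.com", "primary": True}],
    "displayName": "Ana Diaz",
    "active": True,
    CALENDLY_EXT: {"group": "Sales"},
}
BAD = {**GOOD, "userName": "adiaz", "title": "VP", CALENDLY_EXT: {"group": "sales"}}

if __name__ == "__main__":
    for label, user in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_scim_user(user, {"Sales", "Support"}))
```

The group comparison is a plain string equality test, so "sales" is reported when only "Sales" was entered in the left column of Map to groups.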

Adding seats over capacity

If you try to get more licenses than your organization has seats for, you'll see a message stating that you're over capacity.

If you’re paying for your subscription via invoice and need to add more seats, contact support by opening a new request on our Contact Us page. If you're paying with a credit card, you can add seats directly from the Billing Page.