User provisioning setup with Okta

Introduction

This article explains how to set up user provisioning with Okta using SCIM for NordPass. User provisioning allows you to automatically manage users and groups from Okta in NordPass. Before starting this setup, it is recommended to configure Single Sign-On (SSO) with Okta.

 

Before you start:

  • You need to have access to the Enterprise NordPass Business Admin Panel.
  • You need to have Admin rights in your Okta account.
  • You need to have the Okta Core Essentials plan or the Okta Starter with the Lifecycle Management add-on
  • We recommend setting up the SSO connection between NordPass and Okta.

 

Here's what to do

  1. Log in to your Okta account.
  2. Go to “Applications” then click “Applications” in the drop-down.
  3. Click "Create App Integration".
  4. Select "SWA – Secure Web Authentication" and click "Next".
  5. Enter the app name (we recommend "NordPass Provisioning").
  6. Enter the App’s login page URL (this URL is not relevant for the integration).
  7. Click "Finish" to create the application.
  8. Open the NordPass Admin Panel.
  9. Go to “Integrations” and select “Okta”.
  10. Click “Get Credentials”
  11. In the opened window, copy and save the Base URL and Secret token shown. You will need these later.
  12. Return to Okta and go to Applications → Applications.
  13. Select the newly created application.
  14. Open the General tab and click "Edit".
  15. Select "Enable SCIM Provisioning" and click "Save".
  16. Open the newly visible Provisioning tab.
  17. Go to Provisioning → Integration.
  18. In the SCIM connection base URL field, paste the Base URL from the NordPass Admin Panel.
  19. In the Unique identifier field for users, enter email.
  20. Select "HTTP Header" as the Authentication Mode.
  21. In the Bearer field, paste the Secret token from the NordPass Admin Panel.
  22. Under Supported provisioning actions, select:
    • "Push New Users"
    • "Push Profile Updates"
    • "Push Groups"
  23. Click "Test Connection Configuration" and confirm that you see the message "Connector configured successfully".
  24. From the application side menu, select "To App".
  25. Click "Edit".
  26. Select the following options:
    • "Create Users"
    • "Update User Attributes"
    • "Deactivate Users"
  27. Click "Save".

 

Additional tips

  • To provision groups from Okta, group provisioning must be enabled in NordPass.
  • Group provisioning requires deploying the Encryption service, which allows NordPass to maintain its zero-knowledge architecture.
  • Follow the Group provisioning setup with the Okta guide to complete the group provisioning configuration.

Was this article helpful?