# Okta User provisioning

{% hint style="warning" %}
This integration with Okta is currently under development and is not available to customers yet. Contact to learn more.
{% endhint %}

### Supported features

* **Create users:**
  * Creates new users in Currents when assigned to the Okta app. 
  * Users won't appear in the Currents team member list until they login.
* **Update user attributes:** 
  * Currents accepts name updates for users.
* **Deactivate users:** 
  * Prevent the user from logging into Currents
  * Deactivated users are removed from the Currents team member list.
* **Import users:** 
  * Link your existing Currents users to their Okta profile.

For more information on the listed features, visit the [Okta Glossary](https://help.okta.com/okta_help.htm?type=oie\&id=ext_glossary).

### Requirements

Provisioning is available for customers with an active subscription. 

In order to setup provisioning you first need to:

* Setup the the  [Okta integration for SAML](https://docs.currents.dev/~/changes/TYKBeqcc7WyqjmgOzWzB/dashboard/administration/sso-saml2.0/okta). 
* Reach out to the Current support team to have provisioning enabled for your organization.

 Please follow the guide below to enable the provisioning integration.

### Configuration Steps

#### In Currents

* Login as an Admin and navigate to the **Manage Team** page.

<figure><img src="https://3745692499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqmFDEiUa9mr11LUlxDnt%2Fuploads%2Ffa3A6kvWVnkhxH3Sonth%2FScreenshot%202024-07-25%20at%209.30.26%E2%80%AFAM.png?alt=media&#x26;token=acd3c5d5-b4ff-4dda-ac84-51fb5e376a04" alt=""><figcaption><p>Navigate to Manage Team page</p></figcaption></figure>

* Click the **Show SCIMv2 Details**  button in the **DOMAIN ACCESS & SSO** section of the page.

<figure><img src="https://3745692499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqmFDEiUa9mr11LUlxDnt%2Fuploads%2Fuixr3DigvWLwHCeopenx%2Fscim-admin-dash.png?alt=media&#x26;token=8e8df0ed-4e97-4f83-92a6-8e263c802adc" alt=""><figcaption><p>Getting the SCIM details from the Manage Team page</p></figcaption></figure>

* The **Endpoint** and **Token** details will be needed to configure Okta.

#### In Okta

* Navigate to the existing Currents SAML app in Okta: **Applications > Applications.** Click on the **Currents** SAML ap&#x70;**.**

<figure><img src="https://3745692499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqmFDEiUa9mr11LUlxDnt%2Fuploads%2Fbnq3zY24UDrimWqfmKXD%2Fcurrents-saml-app.png?alt=media&#x26;token=1fb15d72-6713-45d7-85fc-557b9e7a977e" alt=""><figcaption><p>Navigating to the Currents Okta App</p></figcaption></figure>

* Select the **Provisioning** tab and click **Configure API Integration**.
* Check the **Enable API Integration** box. Then provide the **Endpoint** and **Token** information from Currents.
* Click **Test API Credentials** and verify everything is working. Click **Save.**
* Still on the **Provisioning** tab, click **To App** in the left Settings panel and then **Edit** in the top righ&#x74;**.**
* Enable all the supported actions and Click save.
* Ensure that the **Application username format** is set to **Email**. This is found in the **Sign On** tab, under **Credentials Details**.&#x20;

<figure><img src="https://3745692499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqmFDEiUa9mr11LUlxDnt%2Fuploads%2F29njVuZoyIay9PpMtzgL%2Fokta-scim-credential-details.png?alt=media&#x26;token=5b322c27-d70c-4d80-b641-a1b1a83596f6" alt=""><figcaption><p>Application username format set to Email</p></figcaption></figure>

* Navigate to the **Import** tab and click the **Import Now** button to find your existing Currents accounts
* Review the matched assignments. Use the checkboxes on the right to select all those that look correct, and click the **Confirm Assignments** button to confirm those imported users.
* You can now update user assignments from the **Assignments** tab to manage who has access to Currents.

### Known Issues/Troubleshooting

#### Unsupported Features

The Currents Okta app does not support the following Okta features:

* Import groups
* Group push
* Sync password
* Profile sourcing

#### Limited profile attributes updates

Currents does not accept updates to the following attributes:

* **userType** - changing a user's role is only supported from the Currents team member dashboard
* **userName** - the mapped userName must match the primary email
* **email** - the primary email cannot be changed


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.currents.dev/~/changes/TYKBeqcc7WyqjmgOzWzB/dashboard/administration/sso-saml2.0/okta/okta-user-provisioning.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.