
# Okta

> Configure SCIM with Okta.

### Steps to set up SCIM with Okta

<Steps>
  <Step>
    Set up the password policy (the password should contain at least one number and one symbol). If you are using the **Classic Engine on Okta**, follow the steps below; if you are using the **OIE engine**, follow the steps in this [**Okta guide**](https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-password.htm).

    * Navigate to Security -> Authentication on your Okta Administrator Dashboard.

    * Click Edit and update the password policy by enabling Number and Symbol, then click on Update Policy.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/okta-password-policy-configuration.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=2c0b9cacb9f9e44852abf3bb58071161" alt="Okta application settings" title="Okta application settings" width="2304" height="1187" data-path="images/studio/scim/okta-password-policy-configuration.png" />
    </Frame>
  </Step>

  <Step>
    Navigate to the Applications view within your Okta Administrator Dashboard.
  </Step>

  <Step>
    Click on **Create App Integration**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/okta-app-integration-creation.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=e85a26a7ef2fb111f26454c1fb139672" alt="Okta sign-on configuration" title="Okta sign-on configuration" width="2304" height="1254" data-path="images/studio/scim/okta-app-integration-creation.png" />
    </Frame>
  </Step>

  <Step>
    A dialog appears. Select **SWA - Secure Web Authentication** and then click **Next.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/okta-swa-app-integration-setup.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=462a301f9c0eb0f19e34bd29fcd24b49" alt="SCIM provisioning settings" title="SCIM provisioning settings" width="2304" height="1256" data-path="images/studio/scim/okta-swa-app-integration-setup.png" />
    </Frame>
  </Step>

  <Step>
    Now give the app a name and populate the app's login URL with [**https://cosmo.wundergraph.com/login**](https://cosmo.wundergraph.com/login).
  </Step>

  <Step>
    For "**Who sets the credentials**", select **Administrator sets username, user sets password.**
  </Step>

  <Step>
    For the **application username**, select **Email** and then click **Finish.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/swa-integration-setup-for-test-app.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=fc8ee93fcb24fbffd246638c2902a5fb" alt="SCIM user provisioning actions" title="SCIM user provisioning actions" width="1330" height="1318" data-path="images/studio/scim/swa-integration-setup-for-test-app.png" />
    </Frame>
  </Step>

  <Step>
    Now navigate to the **General** tab, click on **Edit** in **App settings.**
  </Step>

  <Step>
    Enable **SCIM provisioning** and then click on **Save.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/test-app-provisioning-settings.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=19b7b5c4e742ea30cc781563dae7d7d4" alt="SCIM connector test result" title="SCIM connector test result" width="2304" height="1186" data-path="images/studio/scim/test-app-provisioning-settings.png" />
    </Frame>
  </Step>

  <Step>
    Navigate to the settings page on WunderGraph Cosmo and enable **SCIM.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/enable-generative-ai-in-cosmo-settings.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=2644c1d39dd7bf0bc7eeac26fab5f275" alt="Provisioning to app settings" title="Provisioning to app settings" width="2304" height="1249" data-path="images/studio/scim/enable-generative-ai-in-cosmo-settings.png" />
    </Frame>
  </Step>

  <Step>
    Once SCIM is enabled, you will be provided with a **SCIM Server URL**. Copy it.
  </Step>

  <Step>
    Navigate to the API Keys page on WunderGraph Cosmo and click on New API Key.
  </Step>

  <Step>
    Provide the key with a name, select **Never** for **Expires,** then select **SCIM** under **Permissions**, then click on **Generate API key.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/create-scim-api-key-for-project.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=e6d2308308462316247d30f8966ae407" alt="SCIM key generation screen" title="SCIM key generation screen" width="1122" height="862" data-path="images/studio/scim/create-scim-api-key-for-project.png" />
    </Frame>
  </Step>

  <Step>
    Copy the API key provided.
  </Step>

  <Step>
    Navigate to the Provisioning tab of the app created on Okta, then click on **Edit**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/scim-connection-setup-in-okta.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=4beaaa59b16f501ac0b3c96eb1a5a0e7" alt="Okta assignments screen" title="Okta assignments screen" width="2304" height="1259" data-path="images/studio/scim/scim-connection-setup-in-okta.png" />
    </Frame>
  </Step>

  <Step>
    Populate the **SCIM connector base URL** with the copied **SCIM server URL**.
  </Step>

  <Step>
    Populate the **Unique identifier field for users** with **"email".**
  </Step>

  <Step>
    Select **Import New Users and Profile Updates, Push New Users and Push Profile Updates** for **Supported provisioning actions.**
  </Step>

  <Step>
    Select **HTTP Header** for **Authentication Mode.**
  </Step>

  <Step>
    Populate the **Authorization** field under HTTP Header with the above-copied API key.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/scim-connection-configuration-for-test-app.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=469202db24e8e31b63e31225d91a17b4" alt="Okta user profile" title="Okta user profile" width="2304" height="1183" data-path="images/studio/scim/scim-connection-configuration-for-test-app.png" />
    </Frame>
  </Step>

  <Step>
    Click on **Test Connector Configuration**. A dialog will appear showing that the connector is configured successfully; click **Close.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/connector-configuration-test-successful.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=1236975f4f85e15a23630433f6bc3a65" alt="Okta group provisioning overview" title="Okta group provisioning overview" width="940" height="1150" data-path="images/studio/scim/connector-configuration-test-successful.png" />
    </Frame>
  </Step>

  <Step>
    Click on **Save.**
  </Step>

  <Step>
    Navigate to the "**To App**" tab and click on **Edit.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/to-app-configuration-for-test-app.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=3ff60da44e0bf37ebc7bebefe2769ae7" alt="To App configuration for test app" title="To App configuration for test app" width="2304" height="1188" data-path="images/studio/scim/to-app-configuration-for-test-app.png" />
    </Frame>
  </Step>

  <Step>
    Enable **Create Users, Update User Attributes, Deactivate Users** and **Sync Password.**
  </Step>

  <Step>
    Under **Sync Password** for **Password type**, select **Sync Okta Password.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc-brendan-add-sof-link/lp_f9DXOip40YgZM/images/studio/scim/provisioning-to-app-setup-for-user-creation.png?fit=max&auto=format&n=lp_f9DXOip40YgZM&q=85&s=ae971e042c62b7556ca22ea2a12456e1" alt="Provisioning to App setup for user creation" title="Provisioning to App setup for user creation" width="1004" height="906" data-path="images/studio/scim/provisioning-to-app-setup-for-user-creation.png" />
    </Frame>
  </Step>

  <Step>
    Click **Save.**
  </Step>

  <Step>
    Now you can navigate to the Assignments tab and assign the users/groups who should have access to WunderGraph Cosmo.
  </Step>
</Steps>

<Info>
  If you are using both **SSO with OIDC** and **SCIM**, please make sure that the users assigned in both apps are the same.
</Info>
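
The check the note above asks for, as an added example (not part of the WunderGraph documentation): a small Python script that compares the users assigned to the SCIM app with those assigned to the OIDC SSO app and reports any drift. It assumes you have exported the effective per-user assignments of each app (group assignments already expanded) as records with an `email` field; the function names and sample data are constructed for illustration.

```python
"""Compare the users assigned to the SCIM app and to the OIDC SSO app."""


def normalise(email):
    # Assumption: emails are matched case-insensitively and without stray
    # whitespace, since "email" is the SCIM unique identifier configured above.
    return email.strip().lower()


def assigned_emails(records):
    """Return (set of normalised emails, sorted list of duplicated emails)."""
    seen, dupes = set(), set()
    for rec in records:
        email = normalise(rec["email"])
        if email in seen:
            dupes.add(email)
        seen.add(email)
    return seen, sorted(dupes)


def assignment_drift(scim_records, oidc_records):
    """Report users present in only one app, plus duplicate entries."""
    scim, scim_dupes = assigned_emails(scim_records)
    oidc, oidc_dupes = assigned_emails(oidc_records)
    return {
        "only_in_scim": sorted(scim - oidc),
        "only_in_oidc": sorted(oidc - scim),
        "duplicates": sorted(set(scim_dupes) | set(oidc_dupes)),
        "in_sync": scim == oidc,
    }


# Constructed sample exports (not real users), one list per Okta app.
SCIM_APP = [
    {"email": "alice@example.com"},
    {"email": "Bob@Example.com "},
    {"email": "carol@example.com"},
]
OIDC_APP = [
    {"email": "alice@example.com"},
    {"email": "bob@example.com"},
    {"email": "dave@example.com"},
]

if __name__ == "__main__":
    for key, value in assignment_drift(SCIM_APP, OIDC_APP).items():
        print(f"{key}: {value}")
```

Any address listed under `only_in_scim` or `only_in_oidc` is assigned to one app but not the other and should be reconciled in the Assignments tab of the app that is missing it.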
