Orchestrate revenue agents with the new Workflows
Okta

Okta

Provides Oauth2 configuration for SCIM in Okta

Install app
Gallery thumbnail 1
Gallery thumbnail 2
Gallery thumbnail 3
Gallery thumbnail 4
Gallery thumbnail 5

Overview

SCIM (System for Cross-domain Identity Management) lets you manage Attio workspace membership directly from your identity provider (IDP). When SCIM is configured, your identity provider can be used to manage workspace membership in Attio. Adding someone in your IDP provisions them in Attio, and removing them suspends their access.

How it works

How SCIM works

Once SCIM is configured, your IDP controls how members are provisioned and managed in Attio.

Provisioning users

Assigning a user to the Attio SCIM integration in your IDP adds them to your workspace. If a user with that email already exists in Attio, they are linked to the workspace rather than provisioned as a new user.

Users are provisioned as non-admin members by default. To provision someone as an admin, set their role to admin in your IDP before assigning them.

How a user is added depends on their email domain:

  • Verified domain: The user is added to the workspace directly and receives an email notifying them they've been added. New Attio users also receive a welcome email.
  • Non-verified domain: The user receives a workspace invite and is added once they accept it.

Deprovisioning users

Removing or deactivating a user in your IDP suspends their Attio workspace membership immediately and revokes their session.

It’s not possible to delete or downgrade the last remaining admin in a workspace. First, give another member admin access.

Manage admin and member roles

Set and update roles using the roles attribute in your IDP. Attio supports two roles: member and admin. An unrecognized role value defaults to member. If both roles are assigned to the same user, admin takes precedence.

Manage teams

SCIM groups map to Attio teams. Pushing a group from your IDP to Attio creates a new team, or you can link an IDP group to an existing team.

How Attio and your IDP work together

Your IDP is the source of truth for any members and teams provisioned through it. If a change is made directly in Attio, such as updating a role or team membership, your IDP will reconcile it back to its own state on the next sync.

Any members or teams not currently managed by your IDP can still be managed freely from within Attio and won't be affected by syncs.

Configure

You will need to be on the Entreprise plan and be a workspace admin to set up SCIM.

This app is directly integrated with the Attio app from the Okta store used for SCIM provisioning. Oauth2 is configured via this app to provide a limited-scoped token to the Attio app in Okta. In order to generate a token, follow those steps:

  1. From the Okta app, navigate to Provisioning > Integration
  2. Click on "Authenticate with Attio". This will open up a page for you to login with Attio. After login, you will see a request to give the app access to a workspace.
  3. Make sure that you select the workspace that you want to integrate with SCIM. Click Confirm.