Configure SCIM with Okta

Postman supports SCIM (System for Cross-domain Identity Management) provisioning through Okta with the Postman Okta app or the SCIM 2.0 test app (Header Auth). These apps enable you to automate user provisioning and de-provisioning for your team.

You must be a Postman Team Admin or Super Admin to enable SCIM for your team. It’s recommended that you enable SCIM with a service account assigned the Super Admin role.

With SCIM enabled, users won’t have the option to leave your team on their own, and won’t be able to change their account email or password. Only Team Admins and Super Admins have permission to remove team members. Only administrators in Okta have permission to use SCIM to change user account emails if they’re associated with a domain your team verified.

Set up SCIM in Okta with Postman Okta app

Postman is available as an app in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

It’s recommended that you enable SCIM in Okta with the Postman Okta app.

Enable SCIM in Okta with Postman Okta app

Prior to enabling SCIM in Okta, you must add the Postman app in Okta and configure Okta’s SSO for your Postman team.

To set up provisioning with Okta, do the following:

1. Enable SCIM in Postman and generate a SCIM API key.

2. In Okta, go to the Postman app, click Provisioning, then click Configure API Integration.

   

3. Click Enable API integration, and enter the following:

   • Base URL - Enter https://api.getpostman.com/scim/v2.
   • API Token - Enter your SCIM API key.
   

4. Click Test API Credentials. If successful, a verification message will appear.

   If verification is unsuccessful, confirm that you have SCIM enabled for your team in Postman, are using the correct SCIM API key, and that your API key’s status is ACTIVE in your team authentication settings. If you continue to face issues, contact Postman support for assistance.

5. Click Save. Then you can configure the Postman Okta app.

Configure the Postman Okta app

The Postman Okta app supports the provisioning features listed in the SCIM provisioning overview.

To turn these features on or off, do the following:

1. Go to the Postman app in Okta, click To App on the left, then click Edit.

   

2. Select features to enable them, or clear to turn them off.

   

3. Click Save to save your changes.

Next, assign people to Postman.

Set up SCIM in Okta with SCIM test app

The SCIM 2.0 test app (Header Auth) is available in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

It’s recommended that you enable SCIM in Okta with the Postman Okta app.

Enable SCIM in Okta with SCIM test app

Prior to enabling SCIM in Okta, you must configure Okta’s SSO for your Postman team.

To set up provisioning with Okta, do the following:

1. Enable SCIM in Postman and generate a SCIM API key.

2. Open your Okta admin console in a new tab.

3. Go to Applications, and then click Applications.

4. Click Browse App Catalog.

   

5. Search for “SCIM 2.0 Test App (Header Auth)”. Select the app from the results, and then click Add Integration.

   

6. In the General Settings tab, enter an app name you’ll recognize later, and then click Next.

7. In the Sign-On Options tab, click Done.

8. In Okta, go to the SCIM 2.0 test app (Header Auth), click Provisioning, then click Configure API Integration.

   

9. Click Enable API integration, and enter the following:

   • Base URL - Enter https://api.getpostman.com/scim/v2.
   • API Token - Enter your SCIM API key.
   

10. Click Test API Credentials. If successful, a verification message will appear.

    If verification is unsuccessful, confirm that you have SCIM enabled for your team in Postman, are using the correct SCIM API key, and that your API key’s status is ACTIVE in your team authentication settings. If you continue to face issues, contact Postman support for assistance.

11. Click Save. Then you can configure the SCIM 2.0 test app (Header Auth).

Configure the SCIM test app

After you enable SCIM in Okta with the SCIM 2.0 test app (Header Auth), you can configure the app. The SCIM 2.0 test app (Header Auth) supports the provisioning features listed in the SCIM provisioning overview. The app also supports updating group information from Postman to your identity provider (IdP).

To turn these features on or off, do the following:

1. Go to the SCIM 2.0 test app (Header Auth) in Okta, click Provisioning, click To App on the left, then select Edit.

   

2. Select features to enable them, or clear to turn them off. Postman supports the Create users, Update User Attributes, and Deactivate Users features. Postman doesn’t support the Sync Password feature.

   

3. Click Save to save your changes.

4. Make sure only the Username, Given name, and Family name attributes are mapped. Delete other attributes if they’re mapped.

   

Next, assign people to Postman.

Assign people to Postman in Okta

Postman recommends creating and pushing groups from Okta to ensure they’re synced and set with the right permissions. To learn more, see Push groups in Okta.

You can assign people and groups to the Postman app in Okta.

To assign people to Postman in Okta, do the following:

1. Sign in to the Okta Admin Console.

2. Go to Applications and select your app.

3. Click Assignments.

4. Select Assign > Assign to People or Assign to Groups to assign people to the app.

   

5. Search for the person or group and click Assign.

Learn how to assign people and groups to an app in Okta.

Push groups in Okta

Postman recommends creating and pushing groups from Okta to ensure they’re synced with the Active Directory (AD) group. You can find and link an existing group or create a new group using your AD group.

Find and link a group in Okta

Group linking allows you to link an AD group to an existing Postman group. When you search for a Postman group to link to, only the groups without members will be displayed. When you select a group to link to, the Postman group will be renamed. This option is recommended when you want to assign a permission to a group in Postman, then link it to your AD group in Okta.

To link an AD group to a Postman group from Okta, do the following:

1. Sign in to the Okta Admin Console.

2. Go to Applications and select your app.

3. Click Push Groups.

4. Select By name and enter the name of the group you want to push.

5. Click Link Group, then select an existing Postman group.

   

   Ensure that the Push group membership immediately option is selected.

6. Click Save.

7. Refresh your browser and click All to check that your group is Active.

   

Now, Postman users can invite the group to their workspaces.

Create a new group in Okta

To create a new group in Postman using your AD Group, do the following:

1. Sign in to the Okta Admin Console.

2. Go to Applications and select your app.

3. Click Push Groups.

4. Select By name and enter the name of the group you want to push.

5. Click Create Group.

   

   Ensure that the Push group membership immediately option is selected.

6. Click Save.

7. Refresh your browser and click All to check that your group is Active.

   

Now, Postman users can invite the group to their workspaces.