Configure SCIM with Okta

Postman supports SCIM provisioning through Okta with the Postman Okta app or the SCIM 2.0 test app (Header Auth). These apps enable you to automate user provisioning and de-provisioning for your team.

You must be a Postman Team Admin or Super Admin to enable SCIM for your team. It's recommended that you enable SCIM with a service account assigned the Super Admin role.

With SCIM enabled, users won't have the option to leave your team on their own, and won't be able to change their account email or password. Only Team Admins and Super Admins have permission to remove team members. Only administrators in Okta have permission to use SCIM to change user account emails if they're associated with a domain your team verified.

Enable SCIM in Okta with the Postman Okta app

Postman is available as an app in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

It's recommended that you enable SCIM in Okta with the Postman Okta app.

Prior to enabling SCIM in Okta, you must add the Postman app in Okta and configure Okta's SSO for your Postman team.

To set up provisioning with Okta, do the following:

  1. Enable SCIM in Postman and generate a SCIM API key.

  2. In Okta, go to the Postman app, select Provisioning, then select Configure API Integration.

    Configure API Integration in Okta Postman app
  3. Select Enable API integration, and enter the following:

    • Base URL - Enter https://api.getpostman.com/scim/v2.
    • API Token - Enter your SCIM API key.
    Configure provisioning in Okta's Postman app
  4. Select Test API Credentials. If successful, a verification message will appear.

    If verification is unsuccessful, confirm that you have SCIM enabled for your team in Postman, are using the correct SCIM API key, and that your API key's status is ACTIVE in your team authentication settings. If you continue to face issues, contact Postman support for assistance.

  5. Select Save. Then you can configure the Postman Okta app.

Configure the Postman Okta app

After you enable SCIM in Okta with the Postman Okta app, you can configure the app. The Postman Okta app supports the provisioning features listed in the SCIM provisioning overview.

To turn these features on or off, do the following:

  1. Go to the Postman app in Okta, select To App on the left, then select Edit.

    Configure features in Okta's Postman app
  2. Select features to enable them, or clear to turn them off.

    Enabled features in Okta's Postman app
  3. Select Save to save your changes.

  4. Select Assignments, then assign relevant people and groups to the app. Learn how to assign people and groups to an app in Okta.

    Assign people and group in the Postman Okta app

Enable SCIM in Okta with the SCIM test app

The SCIM 2.0 test app (Header Auth) is available in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

It's recommended that you enable SCIM in Okta with the Postman Okta app.

Prior to enabling SCIM in Okta, you must configure Okta's SSO for your Postman team.

To set up provisioning with Okta, do the following:

  1. Enable SCIM in Postman and generate a SCIM API key.

  2. Open your Okta admin console in a new tab.

  3. Go to Applications, and then select Applications.

  4. Select Browse App Catalog.

    Create new Okta app
  5. Search for "SCIM 2.0 Test App (Header Auth)". Select the app from the results, and then select Add Integration.

    Add new Okta SCIM test app
  6. In the General Settings tab, enter an app name you'll recognize later, and then select Next.

  7. In the Sign-On Options tab, select Done.

  8. In Okta, go to the SCIM 2.0 test app (Header Auth), select Provisioning, then select Configure API Integration.

    Configure API Integration in SCIM test app
  9. Select Enable API integration, and enter the following:

    • Base URL - Enter https://api.getpostman.com/scim/v2.
    • API Token - Enter your SCIM API key.
    Configure provisioning in Okta's SCIM test app
  10. Select Test API Credentials. If successful, a verification message will appear.

    If verification is unsuccessful, confirm that you have SCIM enabled for your team in Postman, are using the correct SCIM API key, and that your API key's status is ACTIVE in your team authentication settings. If you continue to face issues, contact Postman support for assistance.

  11. Select Save. Then you can configure the SCIM 2.0 test app (Header Auth).

Configure the SCIM test app

After you enable SCIM in Okta with the SCIM 2.0 test app (Header Auth), you can configure the app. The SCIM 2.0 test app (Header Auth) supports the provisioning features listed in the SCIM provisioning overview. The app also supports updating group information from Postman to your IdP.

To turn these features on or off, do the following:

  1. Go to the SCIM 2.0 test app (Header Auth) in Okta, select Provisioning, select To App on the left, then select Edit.

    Configure features in Okta's SCIM test app
  2. Select features to enable them, or clear to turn them off. Postman supports the Create users, Update User Attributes, and Deactivate Users features. Postman doesn't support the Sync Password feature.

    Enabled features in Okta's SCIM test app
  3. Select Save to save your changes.

  4. Make sure only the Username, Given name, and Family name attributes are mapped. Delete other attributes if they're mapped.

    Okta's SCIM test app attribute mappings
  5. Select Assignments, then assign relevant people and groups to the app. Learn how to assign people and groups to an app in Okta.

    Assign people and group in Okta's SCIM test app

Last modified: 2024/06/28