# OKTA Stacksync

{% hint style="info" %}
The Stacksync OKTA app is currently under review by OKTA. Until the app is published on the OKTA marketplace, this guide shows how to synchronize your OKTA users automatically into Stacksync by creating the SCIM app yourself.

This setup takes \~10 min.
{% endhint %}

{% hint style="info" %}
SSO is part of the Stacksync Enterprise plan. Contact us at <sso@stacksync.com> to have it set up.
{% endhint %}

Notes:

* This setup needs to be implemented by an OKTA **ADMIN**
* The SCIM integration is associated with a single Stacksync workspace. If you have multiple workspaces (such as dev, stage and prod), you will need to set up a SCIM app for each of these Stacksync workspaces. Each workspace has independent RBAC enforcement.

## SSO (SAML) setup instructions

1. On your OKTA homepage, go to the admin section

   <figure><img src="/files/xN9eLTzn0jloBFs5zJVW" alt=""><figcaption></figcaption></figure>
2. In the Applications section, create an App integration of type SAML 2.0

   <figure><img src="/files/tih1P6Il02CXPO4JciyE" alt=""><figcaption></figcaption></figure>

   <figure><img src="/files/oyWJfx5Pqu3QsgCYbkoT" alt=""><figcaption></figcaption></figure>
3. Set the App name to `Stacksync`. You can also add the Stacksync app logo (download file below)

{% file src="/files/IP3EG3RYbdRz1yEcUcco" %}

4. Configure your SAML settings with:
   1. Single sign-on URL:  `https://auth.stacksync.com/login/callback?connection=<sso_id_provided_by_stacksync_team_for_you>`
   2. Audience URI: `urn:auth0:stacksync:<sso_id_provided_by_stacksync_team_for_you>`
   3. Application username: `Email`
   4. Update application username on `Create and update`
   5. Attribute Statements:
      1. name=`emails`
      2. name format=`Basic`
      3. value=`user.email`<br>

         <figure><img src="/files/JeIaiBPOLK2S5iEQmwjx" alt=""><figcaption></figcaption></figure>
   6. You can skip the `Feedback` section and click `Finish`
      1. Send us at `sso@stacksync.com` the following details:

         1. `Identity Provider Single Sign-On URL` at the top of the SAML setup instructions page.<br>

            <figure><img src="/files/lVVvirKrkGnDJUMsCahn" alt=""><figcaption></figcaption></figure>

            <figure><img src="/files/9EX3ZNvlAebyS2rGXOLA" alt=""><figcaption></figcaption></figure>
         2. `SAML Signing Certificates` for `SHA2`

            <figure><img src="/files/Xt25tilKhjkpyXjiMGTK" alt=""><figcaption></figcaption></figure>
      2. Once we have received the above information, we will activate SSO and you're all set! :tada:

## SCIM setup instructions

1. On the General page of the SAML app you just created, enable SCIM provisioning.<br>

   <figure><img src="/files/GakLQXACy0auZ3KKispn" alt=""><figcaption></figcaption></figure>
2. Go to the Stacksync Workspace Settings page at `https://app.stacksync.com` to find the information necessary for the next steps.
   1. Find your Stacksync `workspace_id` on top of the page.

      <figure><img src="/files/vXT77YJc7Qrg1SHOyvvp" alt=""><figcaption></figcaption></figure>
   2. Generate a `workspace_api_key` at the bottom of the same page. **Only the owner** of the Stacksync workspace can generate Stacksync workspace API keys.

      <figure><img src="/files/qm9NhubWnZHosIa2dfoO" alt=""><figcaption></figcaption></figure>
3. Go back to your SAML app on the Provisioning page. Fill in the following parameters:
   1. **Base URL:** `https://api.stacksync.com/v1/workspaces/<your_stacksync_workspace_id>/scim/v2/`
   2. **API Token:** `Bearer <your_stacksync_workspace_api_key>`<br>

      <figure><img src="/files/QIdVHJCX7Gl7Z9Wnfd7c" alt=""><figcaption></figcaption></figure>
4. Allow your SCIM app to create, update and deactivate users. Stacksync users never use passwords to connect to Stacksync, so the `Sync Password` feature should be disabled.<br>

   <figure><img src="/files/dRH1MkJNrSgGDV9YSNNK" alt=""><figcaption></figcaption></figure>
5. Go to the Profile Editor and add a new attribute named `roles` to the app. This is a standard SCIM attribute with the following fields:
   1. Data type: `string array`
   2. Display name: `roles`
   3. Variable name: `roles`
   4. External name: `roles`
   5. External namespace: `urn:ietf:params:scim:schemas:core:2.0:User`
   6. Description: `SCIM role attribute for Stacksync app`
   7. Enum: `true`
   8. Attribute member: `viewer` and `editor`
   9. Attribute required: `true`
   10. Attribute type: `Group`
   11. Group Priority: Use `Group Priority`<br>

       <figure><img src="/files/lkW0kbyMcbadHuNOrhjn" alt=""><figcaption></figcaption></figure>
6. Go to Directory/Groups and create 2 groups: `Stacksync Editors` and `Stacksync Viewers`. Each group will be assigned a different role in Stacksync (`editor` and `viewer`)<br>

   <figure><img src="/files/4e9aH8G44hUg0nGQuqoj" alt=""><figcaption></figcaption></figure>
7. Add the people you want to give access to Stacksync to the Stacksync groups you just created<br>

   <figure><img src="/files/kKC42TJPDMQ06YXqCGkm" alt=""><figcaption></figcaption></figure>
8. Go back to your application and under `Assignments` assign these 2 groups to the application. Make sure you select the right role for each group. You can ignore the other fields; Stacksync does not read them.<br>

   <figure><img src="/files/D5Wm902nonqyKwj0k3C7" alt=""><figcaption></figcaption></figure>

That's it! 🎉
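
Before saving the app, the values from SAML step 4 and SCIM step 3 can be checked for the usual copy-paste mistakes (leftover placeholders, an SSO id that differs between the two SAML fields, a token without the `Bearer` prefix). This is an added example, not Stacksync code; the function names are hypothetical, and it assumes the URL shapes are exactly those shown above and that the SSO id is identical in both SAML fields.

```python
import re
from urllib.parse import urlparse, parse_qs

ROLES = {"viewer", "editor"}  # enum members defined in the Profile Editor step
AUDIENCE_PREFIX = "urn:auth0:stacksync:"


def check_saml(sso_url: str, audience_uri: str) -> list[str]:
    """Return problems found in the SAML settings; an empty list means consistent."""
    problems = []
    u = urlparse(sso_url)
    if (u.scheme, u.netloc, u.path) != ("https", "auth.stacksync.com", "/login/callback"):
        problems.append("Single sign-on URL is not https://auth.stacksync.com/login/callback")
    conn = parse_qs(u.query).get("connection", [""])[0]
    if not conn or "<" in conn:
        problems.append("connection parameter is missing or still a placeholder")
    if not audience_uri.startswith(AUDIENCE_PREFIX):
        problems.append("Audience URI does not start with " + AUDIENCE_PREFIX)
    elif audience_uri[len(AUDIENCE_PREFIX):] != conn:
        problems.append("Audience URI and connection parameter carry different SSO ids")
    return problems


def check_scim(base_url: str, api_token: str, roles: list[str]) -> list[str]:
    """Return problems found in the SCIM settings. The token is never echoed back."""
    problems = []
    pattern = r"https://api\.stacksync\.com/v1/workspaces/[^/<>\s]+/scim/v2/"
    if not re.fullmatch(pattern, base_url):
        problems.append("Base URL does not match the documented SCIM path")
    if not re.fullmatch(r"Bearer [^\s<>]+", api_token):
        problems.append("API Token must be 'Bearer ' followed by the workspace API key")
    if not roles:
        problems.append("roles is required")
    unknown = sorted(set(roles) - ROLES)
    if unknown:
        problems.append("roles outside the enum: " + ", ".join(unknown))
    return problems


if __name__ == "__main__":
    # Constructed sample values; substitute your own before running.
    print(check_saml("https://auth.stacksync.com/login/callback?connection=acme-okta",
                     "urn:auth0:stacksync:acme-okta"))
    print(check_scim("https://api.stacksync.com/v1/workspaces/ws_123/scim/v2/",
                     "Bearer constructed-key", ["editor"]))
```

Run it once per workspace, since each workspace has its own SCIM app and API key.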


