# OKTA

{% hint style="info" %}
The Stacksync OKTA app is currently under review by OKTA. Until the app is published on OKTA marketplace, here is a guide to synchronize your OKTA users automatically into Stacksync by creating the SCIM app yourself

This setup takes \~10min
{% endhint %}

Notes:

* This setup needs to be implemented by an OKTA **ADMIN**
* The SCIM integration is associated to a unique Stacksync workspace. If you have multiple workspaces (such as dev, stage and prod) you will need to set up an SCIM app for each of these Stacksync workspaces. Each workspace has independent RBAC enforcement.

### Setup manual

1. On your OKTA homepage go on the admin section

   <figure><img src="/files/G3ZvtCZNLE9mh48IDcUs" alt=""><figcaption></figcaption></figure>
2. Once you are on the admin page, go to `Applications` and click on `Create App Integration`

   <figure><img src="/files/pQ1CCi0Wc13b9dZZNOyj" alt=""><figcaption></figcaption></figure>
3. Browse for SCIM 2.0 App with Header Authentication

   <figure><img src="/files/YOjAu4OBVp7tIVCGgnZM" alt=""><figcaption></figcaption></figure>
4. Add the application

   <figure><img src="/files/mlCaoM7eSu4BUoGHdJSW" alt=""><figcaption></figcaption></figure>
5. In the provisioning section click on `Configure API Integration`

   <figure><img src="/files/W2qAxblrENM1I7qcG7bT" alt=""><figcaption></figcaption></figure>
6. Go to the Workspace Settings page at `https://app.stacksync.com` to find the informations necessary for the next steps.&#x20;

   1. Find your `workspace_id` on the top of the page

   <figure><img src="/files/dmeLBUORLCX2MFWH4rjx" alt=""><figcaption></figcaption></figure>

   1. Generate a `workspace_api_key` at the bottom of the page.

      <figure><img src="/files/bkUvoMBMXKseZzvpEGBO" alt=""><figcaption></figcaption></figure>
7. Set up the API integrations using your Stacksync credentials:
   1. **Base URL:** `https://api.stacksync.com /v1/workspace/<your_workspace_id>/scim/v2/`
   2. **API Token:** `Bearer <your_workspace_api_key>`

      <figure><img src="/files/raZZV42E3iH0brvYCUaN" alt=""><figcaption></figcaption></figure>
8. Now that you are connected to the Stacksync SCIM server, you can create a Group for the users that will have the role `editor` in Stacksync and then provision that group to the app you just created.\
   Note that there are 2 roles you can set for you group: `viewer` or `editor.`

   <figure><img src="/files/8HhrqB1FBSn48YDTx8HG" alt=""><figcaption></figcaption></figure>

   <figure><img src="/files/4vDFLXJF92BeVv3yXnQo" alt=""><figcaption></figcaption></figure>
9. Now you can assign users to this group

   <figure><img src="/files/77kUqKQYWVAscraOciKl" alt=""><figcaption></figcaption></figure>

Congrats' you just automatically provisioned users to the Stacksync app!


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stacksync.com/two-way-sync/features/security/scim/okta.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.