Admin ConsoleUser Management

Okta SCIM Integration

System for cross-domain identity management (SCIM) can be used to automatically provision and de-provision members and groups in your Bitwarden organization.

note

SCIM Integrations are available for Enterprise organizations. Teams organizations, or customers not using a SCIM-compatible identity provider, may consider using Directory Connector as an alternative means of provisioning.

This article will help you configure a SCIM integration with Okta. Configuration involves working simultaneously with the Bitwarden web vault and Okta Admin Portal. As you proceed, we recommend having both readily available and completing steps in the order they are documented.

Supported features

The following provisioning features are supported by this integration:

  • Push Users: Users in Okta that are assigned to Bitwarden are added as users in Bitwarden.

  • Deactivate Users: When users are deactivated in Okta, they will be deactivated in Bitwarden. 

  • Push Groups: Groups and their users in Okta can be pushed to Bitwarden.

note

Please note, Bitwarden does not support changing a user's email address once provisioned. Bitwarden also does not support changing a user's email address type, or using a type other than primary. The values entered for email and username should be the same. Learn more.

Enable SCIM

note

Are you self-hosting Bitwarden? If so, complete these steps to enable SCIM for your server before proceeding.

To start your SCIM integration, open the Admin Console and navigate to Settings SCIM provisioning:

SCIM provisioning
SCIM provisioning

Select the Enable SCIM checkbox and take note of your SCIM URL and SCIM API Key. You will need to use both values in a later step.

Add the Bitwarden app

In the Okta Admin Portal, select ApplicationsApplications from the navigation. On the Application screen, select the Browse App Catalog button:

Browse App Catalog
Browse App Catalog

In the search bar, enter Bitwarden and select Bitwarden:

Bitwarden Okta App
Bitwarden Okta App

Select the Add Integration button to proceed to configuration.

General settings

On the General Settings tab, give the application a unique, Bitwarden-specific label. Check the Do not display application icon to users and Do not display application icon in Okta Mobile App options and select Done.

Setup provisioning

Provisioning settings

Open the Provisioning tab and select the Configure API Integration button.

Once selected, Okta will list a few options for you to configure:

Configure API Integration
Configure API Integration
  1. Check the Enable API Integration checkbox.

  2. In the Base URL field, enter your SCIM URL, which can be found on the SCIM Provisioning screen (learn more).

  3. In the API Token field, enter your SCIM API Key (learn more).

Once you are finished, use the Test API Credentials button to test your configuration. If it passes the test, select the Save button.

Set Provisioning actions

On the Provisioning To App screen, select the Edit button:

Provisioning To App
Provisioning To App

Enable, at a minimum, Create Users and Deactivate Users. Select Save when you are done.

Assignments

Open the Assignments tab and use the Assign dropdown menu to assign people or groups to the application. Assigned users and groups will be automatically issued an invitation. Depending on your workflow, you may need to use the Push Groups tab to trigger group provisioning once they are assigned.

Finish user onboarding

Now that your users have been provisioned, they will receive invitations to join the organization. Instruct your users to accept the invitation and, once they have, confirm them to the organization.

note

The Invite → Accept → Confirm workflow facilitates the decryption key handshake that allows users to securely access organization vault data.

Make a suggestion to this page

Contact Our Support Team

For technical, billing, and product questions.

Name*
Bitwarden account email*
Verify account email*
Product*
Are you self-hosting?*
Subject*
Message...*

Cloud Status

Check status

© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here