This guide will show you how to set up an Okta SCIM 2.0 application to automatically provision and manage user access to Doppler.
SCIM requires a Pro subscription
Open the Okta admin console and select the Classic UI as currently, the new UI does not allow the setup and configuration of SCIM 2.0 applications.
Create a new SCIM 2.0 application by Selecting Applications > Applications from the main menu.
Then search for SCIM and select SCIM 2.0 Test App (Header Auth).
Then click the Add button.
On the following screen:
- Change Application label to Doppler SCIM,
- Un-check all options
- Then click Next
On the final screen, select Email as the Application username format, then click Done.
Now on the Application overview page, select the Provisioning Tab, then click the *Configure API integration** button.
Then select Enable API integration which requires two fields: Base URL and API Token. In the next section, we'll enable the SCIM 2.0 feature in Doppler in order to populate these form values.
Open the Doppler dashboard in a new window, then:
- Select the Workplace you want to enable SCIM for (must be on a Pro subscription)
- Click on Team from the main menu
- Scroll down to the SCIM section
- Check Enable, then click Save
Once the page reloads, you'll see a Base URI section in the SCIM 2.0 panel.
Copy that value, then go back to the Okta API Integration page and paste in the value for Base URL.
Next, we need the value for the API Token.
Head back to the Doppler dashboard and click the Manage link which will open the Tokens page in a new window.
Copy the value for Header auth.
Now return to the Okta API Integration page and paste in the value for API Token, making sure there are no leading or trailing spaces. Next, click on the Test API Credentials button to ensure Okta can successfully authenticate with Doppler's AP, then click the Save button.
Now Okta can communicate with Doppler's API to provision users, and the next step is selecting which user provisioning tasks should be enabled.
Now that the API Integrations form has been saved, make sure you're viewing the To App section from the Provisioning tab.
Then click on the Edit button to configure how Okta will handle provisioning and management of users in Doppler.
All options can be enabled with the exception of Sync Password. This is because Okta's default generated passwords are eight characters which don't meet our minimum twelve characters requirement.
Now, whenever new users are added, updated, or deactivated in Okta, Doppler will receive the relevant API call to sync changes to its user records.
The final step is granting users access to Doppler by assigning users to the Doppler SCIM application. How users will be assigned, whether by group or individually is up to you, but we'll demonstrate the flow for adding a specific user below.
Click on the Assignment tab, then click on the Assign button, then select Assign to People.
Filter the list of users shown using the Search field, then click Assign for each user you want to grant access to.
Next, confirm the field mapping is correct and click Save and Go Back to confirm the addition of the user to the Doppler SCIM application.
The user should now be in the list of assigned users for the application.
We can confirm the successful provisioning of the user in Doppler by going to the Team page.
You've now set up an Okta SCIM 2.0 application to automatically provision and manage user access to Doppler.
Updated 2 months ago