System for Cross-domain Identity Management (SCIM) is one of the most widely used protocols for managing users across multiple applications.
The Okta SCIM provisioning integration enables Deel HR clients to automatically sync employee data from Deel into Okta, allowing IT teams to provision users into other applications such as Zendesk, Salesforce, and more.
This article explains how to enable the Okta SCIM integration for Deel HR. The first part of the integration is completed on Deel, while the second part is finalized in Okta.
In this article
- Before you begin
- Step 1. Connect to Okta SCIM in Deel
- Step 2. Connect to Deel in Okta
- Step 3: Finalize the connection
- FAQs
Before you begin
You must have:
- A Deel account and be logged in.
- Organization Admin access to Deel.
- A user with Admin permissions in Okta.
Step 1. Connect to Okta SCIM in Deel
- Navigate to your Deel account dashboard.
- Go to More > Apps and search for Okta.
- Click Connect Okta.
Generate the SCIM API Base URL and Organization token.
The SCIM API Base URL is the entry point to the Deel SCIM API, and the API Token is needed for authentication. You may need to manually type in : /scim/v2 at the end of the base URL
Step 2. Connect to Deel in Okta
Follow the guide in Okta:
Log in to the Okta Admin Console with administrator privileges.
Search for the Deel application in the Okta Integration Network and add it to your dashboard.
Click Add integration.
Navigate to the Provisioning tab within the Deel app settings in Okta.
From the left navigation menu, select the Integration option.
Click the button labeled Configure API integration.
Check the box or toggle for Enable API Integration.
Paste your Organization token (which you should have generated in Deel previously) into the API Token field.
Click Save to finalize the connection.
Step 3: Finalize the connection
Return to the Okta Configuration screen in the setup wizard of the Deel dashboard
Click Connect.
appuser.userName. See the FAQs section below for details.
FAQs
Can I sync custom attributes/fields from Deel to Okta?
Yes, but it depends on where the attribute is located in Deel. The integration supports two levels of data:
- Profile-level custom attributes: These are supported. You can sync these to Okta by manually configuring your SCIM API mapping in the Okta Profile Editor.
- Contract-level custom attributes: These are not currently supported. Data stored specifically within a worker's contract (rather than their general profile) cannot be synced via the standard Okta SCIM integration.
If you need a specific data point to sync to Okta, ensure it is created as a Personal Profile field in Deel rather than a Contract Detail field.
How can I make sure a worker’s work email is used as their username in Okta?
In Okta, clients can define how usernames are set for users provisioned
via SCIM. To use the worker’s work email from Deel (sent as
userName), you’ll need to configure the username
format in Okta manually.
Here’s how:
- In Okta, go to Applications and select the Deel app.
- Click Provisioning To Okta.
- Under Okta username format, select Custom.
-
In the input field, enter:
appuser.userName.
This ensures that the work email (sent from Deel as
userName) is correctly used as the username for
the Okta account.
Why is userName null in Okta?
The userName field in Okta is mapped to a worker's
work email in Deel HR. If the work email is not filled in, the
userName in Okta will be null. Enter the worker's
work email in Deel to resolve this issue.
Can I map the work email in Okta?
The Deel SCIM API, which is behind this integration,
returns a worker's work email in the userName property.
Reach out to your Okta representative to obtain support on how
to map this value to your desired property.