This article will help you get your organization set up with SCIM provisioning using Deel's OKTA app and our SSO capabilities.
One of the most popular protocols for management of users across multiple applications is called System for Cross-domain Identity Management, or SCIM for short. It allows your IT or Service Ops teams to seamlessly provision (add), de-provision (deactivate), and update user data across your enterprise applications at once, saving you time and ensuring the highest security standards.
To get going, you'll need to be a Deel Administrator, and work closely with the manager of your organization's Okta account.
SCIM capabilities supported by Deel
-
Create users
-
Update user attributes
-
Deactivate users
Please note that our capabilities support provisioning for Deel client users who manage your organisation's Deel account.
Configuration Steps
Step 1 -- Go to your Okta admin page and change to the classic UI by navigating to the Developer Console.
Then click on Applications and find the Deel app:
Step 2 --Navigate to Provisioning tab.
Once you're on the Deel app, you'll have to navigate to the provisioning tab as you can see in these screenshots.
Click on Configure API Integration.
Step 3 -- Access SCIM token.
Please keep in mind that for this step you'll need a user with permissions on all the teams in the organization which will have a dedicated account manager assigned to the organization. If you can't access this step please contact your dedicated CSM account manager. After verifying this, you can navigate to Apps & Perks in the navigation menu and locate Okta SCIM in the User Management section:
Then you can select Setup & Token and copy the generated token or click on the Generate admin token button to generate a new one, as well as grab the base URL:
Step 4 -- Input SCIM URL and API token from Deel into Okta to enable provisioning.
Once you've done this, please click Save.
Step 5 -- Configuring the app.
Navigate to the Provisioning tab and click To App and then click Edit to enable the functionality you require with Deel.
Check each box that applies to Deel's supported provisioning functionality:
-
Create Users
-
Update User Attributes
-
Deactivate Users
Click Save.
Step 6 -- Set the Application username format to email.
First, navigate to the Sign On tab and click Edit
Then please ensure you select Email for the Application username format option and click Save.
Step 7 -- Create a group for each user-type you need in Deel.
Create groups for each user type you would like to support. We have 3 user types: 'freelance' , 'employee' and 'manager' .
Then add each created group to the Deel application.
And finally, assign the user-type to the group. This is either
-
'freelance' to enable for contractors
-
'employee' to enable the app for employees, or,
-
'manager' for Deel client administrators
Please note that you must use the exact wording for the user type in order for provisioning to function.
Troubleshooting
Am I able to update user attributes like user type, username and email?
We do not support this functionality so you will need to contact support in order for us to do this for you.
If you have any issue with the configuration, please do not hesitate to contact Deel support.