This article will help you get your organization set up with SCIM provisioning using Deel's OKTA app and our SSO capabilities.
One of the most popular protocols for management of users across multiple applications is called System for Cross-domain Identity Management, or SCIM for short. It allows your IT or Service Ops teams to seamlessly provision (add), de-provision (deactivate), and update user data across your enterprise applications at once, saving you time and ensuring the highest security standards.
To get going, you'll need to be a Deel Administrator, and work closely with the manager of your organization's Okta account.
SCIM capabilities supported by Deel
-
Create users
-
Update user attributes
-
Deactivate users
Please note that our capabilities support provisioning for Deel client users who manage your organisation's Deel account.
Configuration Steps
Step 1
Go to your Okta admin page and change to the classic UI by navigating to the Developer Console
Then click on "Applications" and find the Deel app:
Step 2: Navigate to "Provisioning" tab
Once you're on the Deel app, you'll have to navigate to the provisioning tab as you can see in these screenshots.
Click on the "Configure API Integration" button.
Step 3: Access SCIM token from User Management section of the integrations tab
Please keep in mind that for this step you'll need a user with permissions on all the teams in the organization which will have a dedicated account manager assigned to the organization. If you can't access this step please contact your dedicated CSM account manager. After verifying this, you can navigate to your Integrations tab on the left side menu and scroll down to select the OKTA SCIM option:
Then you can select Setup & Token, and copy the generated token or click on the Generate admin token button to generate a new one, as well as grab the base URL:
Step 4: Input SCIM URL and API token from Deel into Okta to enable provisioning
Once you've done this, please click save.
Step 5: Configuring the app
Navigate to the 'Provisioning tab and click 'To App' and then click 'Edit' to enable the functionality you require with Deel.
Check each box that applies to Deel's supported provisioning functionality:
-
Create Users
-
Update User Attributes
-
Deactivate Users
Click save.
Step 6: Set the Application username format to email.
First, navigating to the 'Sign On' tab and clicking 'Edit'
Then please ensure you select 'Email' for the 'Application username format' option and hit save.
Step 7: Create a group for each user-type you need in Deel
Create groups for each user type you would like to support. We have 3 user types: 'freelance' , 'employee' and 'manager' .
Then add each created group to the Deel application.
And finally, assign the user-type to the group. This is either
-
'freelance' to enable for contractors
-
'employee' to enable the app for employees, or,
-
'manager' for Deel client administrators
Please note that you must use the exact wording for the user type in order for provisioning to function.
Troubleshooting
Am I able to update user attributes like user type, username and email?
We do not support this functionality so you will need to contact support in order for us to do this for you.
If you have any issue with the configuration, please do not hesitate to contact Deel support.