All Collections
Account administration
Corporate Management
Configuring User Provisioning with OKTA
Configuring User Provisioning with OKTA

Enabling users to be set up in Elements directly from OKTA using the SCIM protocol

Ksawery Lisinski avatar
Written by Ksawery Lisinski
Updated over a week ago

Configuring user provisioning with OKTA has never been easier, follow the steps included in this short article to learn how to do it.


  • You have a Corporate Management set up within the application. Contact to set up Corporate Management.

  • You are the Corporate Management Admin.

  • At least one domain has been verified.


Invited User Administration is supported for the Elements application.

This enables OKTA to:

  • update user profiles for users who are in an invited state in Elements (including those who have not accepted invitations); and

  • move a user who has not accepted an invitation and make their account active.

The following provisioning features are supported:

  • Push New Users

  • New users created through OKTA will also be created in the Elements application.

TIP users created in OKTA who have an email that is not part of a verified domain in the Elements Enterprise will not be added to the Elements environment.

  • Push Profile Updates

  • Updates made to the user's profile through OKTA will be pushed to the Elements application.

TIP only users with an email whose domain is verified in the Elements Enterprise will be updated in Elements.

  • Push User Deactivation

  • Deactivating the user or disabling the user's access to the application through OKTA will block the user in the Elements application.

Known Issues

  • If the user email is changed in OKTA (but not the username), it will not update the email of the user in Elements. The user is still connected and authentication will still work, but all notifications in Elements will still be sent to the original email address

  • If the username changes in OKTA, this will result in a new user account being created in Elements with the email. If a user account in Elements already exists with this email, then it merges the new OKTA user with the existing Elements account

Configuration Steps

Configure your Provisioning setting for Elements as follows:

  1. In the Enterprise Management app in Elements, go to the "Config" page from the right menu and select the "Provisioning" tab.

2. Select OKTA from the Identity Provider dropdown - this is the default. This will then show the SCIM Base URL and the API token required by OKTA.

3. Return to OKTA and log in as an Administrator. In the Admin area, go to the Applications menu and click on the application.
Go to the Provisioning tab -> To App.

4. Scroll down until you see the Attribute Mappings. Click on Go to Profile Editor.

5. In the Profile Editor, click on Map Attributes.

 6. In the mappings page, click on the Okta to tab. For the userName attribute, click on Override with mapping. Map the userName to user.login and make sure to choose the Apply mapping on user create only option.

7. Go to the Provision tab -> API Integration 

  • Enable API integration checkbox and entry of the token from Elements.
    The token can be tested using the API credentials with the Test API Credentials button. 

  • Then click Save.

8. Done.

Did this answer your question?