# SCIM Provisioning using Okta The System for Cross-domain Identity Management (SCIM) user management API enables automatic provisioning of users between the Code Ocean platform and Okta. {% hint style="info" %} Setting up Groups is the best way to ensure that new users will have all relevant Capsules, Data, and Pipelines available to them when they join, and that there will be no lost assets when team members leave. It is best practice to utilize Group sharing when working with shared assets. {% endhint %} ### Requirements * Administrator or higher for Okta * Administrator in Code Ocean ### Creating a Custom Application 1. Navigate to Okta using the the URL provided to you in your activation email for example 2. Sign in with your username/email address and Password 3. Click **Applications** from the main and sub menu 4. Code Ocean is not included in the App Catalog, an App Integration must be created ### **Configuring Provisioning** 1. Click **Create App Integration** 2\. Select the Sign in method 3\. Enter the General App Setting information and click **Finish**. 4\. Select and click on the SCIM protocol, to synch the application to the Code Ocean platform 5\. Click **Provisioning** 6\. Click **Integration** 7\. To integrate the API click **Edit** 8\. in **Unique identifier field for users** enter "email" 9\. Choose **Http Header** in **Authentication Method** 10\. To enable the API Integration you need to obtain the credentials from Code Ocean ### **Code Ocean Credentials** 1. Sign into your Code Ocean platform 2. Click **Admin** ![](https://1896218754-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0FwC6oCl8rKnGtPrZBk0%2Fuploads%2Fgit-blob-a104845f086054f98b19c71c95b78a4a36bc0109%2FAdmin%201.jpeg?alt=media) 3. Click **Integrations** ![](https://1896218754-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0FwC6oCl8rKnGtPrZBk0%2Fuploads%2Fgit-blob-d0f9203e830fce9afd4cb1f3c6a5853dfdeee141%2FIntegrations.jpeg?alt=media) 4. Scroll down to SCIM 5. Click **Copy to clipboard** to copy the URL and paste it in **Base URL** in Okta 6. Click **Generate new token** and paste in to **Authorization** in Okta
8\. Click **Test API Credentials** 9\. A confirmation message appears when the SCIM is successfully verified 10\. Click **Save** ## Assigning Users and Groups ### Set Up User Provisioning To assign groups, synch individuals into a group and synch the group's name to the system: 1. Click the **Assignments** tab To assign individuals to a group 2. Click **Assign** 3. Click **Assign to Groups** ![](https://1896218754-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0FwC6oCl8rKnGtPrZBk0%2Fuploads%2Fgit-blob-fb7960124ff5ce5e5153a0b93a700f152f1d2843%2FAssign.jpeg?alt=media) 4\. To assign users to a group click the name of the group 5\. Click **Assign People** 6\. Add or Remove members to or from the group by selecting the member, then click + or - 7\. Click **Save** ![](https://1896218754-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0FwC6oCl8rKnGtPrZBk0%2Fuploads%2Fgit-blob-59935988653e8c8e1618c0882c90c2a56f68953a%2FAddRemove.jpeg?alt=media) 8\. To assign the group to the server select the **Push Groups** tab 9\. Click **Push Groups** will synch the Group in Code Ocean 10\*\*.\*\* Click **Find groups by name** ![](https://1896218754-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0FwC6oCl8rKnGtPrZBk0%2Fuploads%2Fgit-blob-30fc39180ddc89e98ce91d32dd05c11ceac2d57d%2FPushGroups.jpeg?alt=media) 11\. Enter the name of the group 12\. Click **Close** To view the group in Code ocean navigate to the capsule, click **Share,** in Set Permissions for capsule click the dropdown, the group will show in the list. Any changes made to the group will synch back to Okta when saved.