> ## Documentation Index
> Fetch the complete documentation index at: https://cosmo-docs.wundergraph.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta

> Configure SCIM with Okta.

### Steps to set up SCIM with Okta

<Steps>
  <Step>
    Set up the password policy (password should contain at least one number and one symbol), if using the **Classic Engine on Okta** follow the below steps**,** or if using the  **OIE engine,**follow the steps as mentioned in this  [**Okta guide**](https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-password.htm)**.**

    * Navigate to Security -> Authentication on your Okta Administrator Dashboard.

    * Click Edit and update the password policy by enabling Number and Symbol, then click on Update Policy.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/okta-password-policy-configuration.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=42347ce8e07936f5916b0950563d65d8" alt="Okta application settings" title="Okta application settings" width="2304" height="1187" data-path="images/studio/scim/okta-password-policy-configuration.png" />
    </Frame>
  </Step>

  <Step>
    Navigate to the Applications view within your Okta Administrator Dashboard.
  </Step>

  <Step>
    Click on **Create App Integration**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/okta-app-integration-creation.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=fdb17ffab54a897ba1cf69792b64196d" alt="Okta sign-on configuration" title="Okta sign-on configuration" width="2304" height="1254" data-path="images/studio/scim/okta-app-integration-creation.png" />
    </Frame>
  </Step>

  <Step>
    A dialog appears, select SWA - Secure Web Authentication and then click **Next.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/okta-swa-app-integration-setup.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=bb184c160d77f70c59b1f5f86e7f6c8a" alt="SCIM provisioning settings" title="SCIM provisioning settings" width="2304" height="1256" data-path="images/studio/scim/okta-swa-app-integration-setup.png" />
    </Frame>
  </Step>

  <Step>
    Now give the app a name and populate the app's login URL with [**https://cosmo.wundergraph.com/login**](https://cosmo.wundergraph.com/login)**.**
  </Step>

  <Step>
    For "**Who sets the credentials**", select **Administrator sets username, user sets password.**
  </Step>

  <Step>
    For the **application username**, select **Email** and then click **Finish.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/swa-integration-setup-for-test-app.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=d8b66058ec61e5a84f2cd6d76899c94d" alt="SCIM user provisioning actions" title="SCIM user provisioning actions" width="1330" height="1318" data-path="images/studio/scim/swa-integration-setup-for-test-app.png" />
    </Frame>
  </Step>

  <Step>
    Now navigate to the **General** tab, click on **Edit** in **App settings.**
  </Step>

  <Step>
    Enable  **SCIM provisioning**and then click on **Save.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/test-app-provisioning-settings.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=27adf3f7e172d34d27769e6b6ea60e0a" alt="SCIM connector test result" title="SCIM connector test result" width="2304" height="1186" data-path="images/studio/scim/test-app-provisioning-settings.png" />
    </Frame>
  </Step>

  <Step>
    Navigate to the settings page on WunderGraph Cosmo and enable **SCIM.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/enable-generative-ai-in-cosmo-settings.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=01e2feb1ccc2fe0b334da6e7e7734295" alt="Provisioning to app settings" title="Provisioning to app settings" width="2304" height="1249" data-path="images/studio/scim/enable-generative-ai-in-cosmo-settings.png" />
    </Frame>
  </Step>

  <Step>
    Once SCIM is enabled, you will be provided with a  **SCIM Server URL,**copy it**.**
  </Step>

  <Step>
    Navigate to the API Keys page on WunderGraph Cosmo and click on New API Key.
  </Step>

  <Step>
    Provide the key with a name, select **Never** for **Expires,** then select  **SCIM** under **Permissions**, then click on **Generate API key.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/create-scim-api-key-for-project.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=f92fc99cc431e1dc1df97350b47c9ab3" alt="SCIM key generation screen" title="SCIM key generation screen" width="1122" height="862" data-path="images/studio/scim/create-scim-api-key-for-project.png" />
    </Frame>
  </Step>

  <Step>
    Copy the API key provided.
  </Step>

  <Step>
    Navigate to the provisioning tab of the app created on okta, then click on **Edit**.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/scim-connection-setup-in-okta.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=15660fbde7af31d08043673f9ac4e9c7" alt="Okta assignments screen" title="Okta assignments screen" width="2304" height="1259" data-path="images/studio/scim/scim-connection-setup-in-okta.png" />
    </Frame>
  </Step>

  <Step>
    Populate the **SCIM connector base URL** with the copied **SCIM server URL** .
  </Step>

  <Step>
    Populate the **Unique identifier field for users** with **"email".**
  </Step>

  <Step>
    Select **Import New Users and Profile Updates, Push New Users and Push Profile Updates** for **Supported provisioning actions.**
  </Step>

  <Step>
    Select  **HTTP Header**for **Authentication Mode.**
  </Step>

  <Step>
    Populate the **Authorization** field  under HTTP Header with the above-copied API key.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/scim-connection-configuration-for-test-app.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=5d4ede5459bd7eb0982a4bd4ada32462" alt="Okta user profile" title="Okta user profile" width="2304" height="1183" data-path="images/studio/scim/scim-connection-configuration-for-test-app.png" />
    </Frame>
  </Step>

  <Step>
    Click on Test Connector Configuration, a dialog will appear showing the connector is configured successfully, click Close.

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/connector-configuration-test-successful.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=3cd099a8a0737facf88257d6c8cd6bb3" alt="Okta group provisioning overview" title="Okta group provisioning overview" width="940" height="1150" data-path="images/studio/scim/connector-configuration-test-successful.png" />
    </Frame>
  </Step>

  <Step>
    Click on **Save.**
  </Step>

  <Step>
    Navigate to the "**to App"** tab**, and** click on **Edit.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/to-app-configuration-for-test-app.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=71f101a758dd047eb9757fe7ce03b2a7" alt="To App configuration for test app" title="To App configuration for test app" width="2304" height="1188" data-path="images/studio/scim/to-app-configuration-for-test-app.png" />
    </Frame>
  </Step>

  <Step>
    Enable  **Create Users, Update User Attributes, Deactivate Users**and **Sync Password.**
  </Step>

  <Step>
    Under **Sync Password** for **Password type**, select **Sync Okta Password.**

    <Frame>
      <img src="https://mintcdn.com/wundergraphinc/I3TSvdyim5FfuVLX/images/studio/scim/provisioning-to-app-setup-for-user-creation.png?fit=max&auto=format&n=I3TSvdyim5FfuVLX&q=85&s=68b0c669f92825ef711b2a88b7d7e27b" alt="Provisioning to App setup for user creation" title="Provisioning to App setup for user creation" width="1004" height="906" data-path="images/studio/scim/provisioning-to-app-setup-for-user-creation.png" />
    </Frame>
  </Step>

  <Step>
    Click **save.**
  </Step>

  <Step>
    Now you can navigate the Assignments tab and assign users/groups who should have access to WunderGraph Cosmo.
  </Step>
</Steps>

<Info>
  If you are using both **SSO with OIDC** and **SCIM**, please make sure that the users assigned in both apps are the same.
</Info>
