Connecting Vanta & Okta (SCIM)

This article goes over how to set up the Okta SCIM Integration and Vanta

Written by Chris B.
Updated yesterday

Through the Vanta and Okta SCIM Integration, you can create a connection to import your employees seamlessly into Vanta.

Step 1: Enable SCIM in Vanta

  • Open the Vanta console and click the gear icon on the top right corner

  • Then click the Login and Security option on the left hand menu


  • Scroll to the User provisioning table and click the Enable Toggle to turn on SCIM for your account

  • Next, right-click View the Admin Portal and open it in a new tab

  • Search for Okta and select it from the Select your identity provider drop-down menu. This will take you to a page with instructions on how to configure your Okta Application.

  • Do not close this tab; we will be configuring an application in Okta next and will need values from the Admin Console for that application.

Step 2: Create SCIM Application in Okta

  • As an Okta Admin, log into your company's Okta account in a new Tab

  • From the left-hand navigation panel, select Applications

  • Select Browse App Catalog

  • Search for SCIM 2.0 Test App (OAuth Bearer Token) application and select it

  • Select Add Integration

  • Title the App integration name

    • We recommend using a name that signifies its relation to Vanta

  • Select Next

  • Many applications will work with the default configuration that is set on your new application. You should be able to leave the Sign-On Options as default and click Done.

    • If you require any additional configuration for your directory, such as configuring attribute statements, do so on the Sign-On Options page.

      When you have completed configuring the application, click Done.


Step 3: Configure the API Integration in Okta

  • In Okta for your newly created SCIM 2.0 Okta App, select the Provisioning tab and then click Configure API Integration.


  • Next select the Enable API Integration option.

  • Head back to the Admin Portal tab (from the previous step) and head to step 2. On the bottom of the page you should be able to locate the SCIM 2.0 Base Url and OAuth Bearer Token fields.



  • Copy the values below and paste them into their respective fields in the Okta admin console


  • Click the Test API Credentials button

    • You should see a "SCIM 2.0 Test App (OAuth Bearer Token) was verified successfully!" message. If you do not, please confirm that the values you provided are correct.

  • Click Save and then head back to the Admin Portal tab

Step 4: Specify Custom Attribute in WorkOS Admin Portal

  • In the Admin Portal, click Continue to move to Step 3.

  • Vanta automatically receives basic user details like name and email, so you don’t need to configure those. You will, however, need to add a custom attribute to your SCIM application in Okta. Vanta uses this attribute to determine which role to assign to each user or group.

  • You will paste this attribute name in the Directory Provider Value field in Step 3 in the Admin portal

    • We recommend using a name that signifies its relation to Vanta such as vanta_roles or rbac_role_id.

    • Make a note of this name; we will need it in the next step

  • Select Save Custom Attributes

Step 5: Configure Attribute in Okta

  • Return to Okta and, on the left-hand menu under Directory, select Profile Editor and search for the SCIM 2.0 application you created earlier

  • Select the +Add Attribute button

  • Set the Data type to string

  • For the display name, enter a human-readable label so administrators can understand what this attribute is used for.

  • For variable name and external name, enter the value you added in the Admin Portal in the previous step


  • Next enter urn:ietf:params:scim:schemas:core:2.0:User for the External namespace field

  • Enter a description (optional). Similar to the Display Name field, this should be human readable and clear so administrators know what this attribute is used for.

  • Then select the Define enumerated list of values checkbox

  • You will then have to enter a role name followed by a roleID value for each role you expect to assign to users.

  • You can find the role names and their IDs by going back into Vanta and selecting the "Roles" tab in the User provisioning table.

  • You do not need to add every single role, only the roles you expect to grant to your users.

    • At a minimum the Admin role needs to be granted to prevent administrators from being locked out of Vanta.

  • Lastly, you need to select the Attribute type. This tells Okta where the role will be specified: either individually on a user's profile directly, or at the group level.

    • We suggest adding it at the group level for less overhead.

  • Click Save once complete

Step 6: Configure Provisioning Actions

  • In Okta, head back to the Applications page, then search for and select the SCIM App you created.

  • Select the Provisioning tab and then select the To App tab in the left navigation menu.

  • Click Edit

  • Enable the following actions and Select Save:

    • Create Users

    • Update User Attributes

    • Deactivate Users


  • Head back to the Admin Portal tab, go to Step 4, and click the continue button on the bottom of the screen

Step 7: Assigning SCIM application in Okta

You can now add your User Assignments for SCIM Provisioning:

  • Go to your SCIM application in Okta

  • Select the Assignments tab and click Assign.

  • From there, assign the Okta application to the proper users/groups

    • We recommend organizing groups based on the roles users will have in Vanta. For example, place all administrators in one group, all editors in another, and so on.

  • When assigning the application to groups, you will need to scroll down to select the role that users in this group should receive. This role is passed to Vanta through the custom attribute you configured earlier in the setup process. For example, assigning the application to a group named Vanta-Admins will grant those users the Admin role via the vanta_roles attribute.

  • Once complete, head over to the Admin Portal tab and click the continue button for Step 5.
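
A preflight check for the group-to-role plan from Steps 5 and 7, as an added example that is not Vanta or Okta code: it flags groups whose role ID is missing from the enumerated list, users whose groups carry different roles, and the lockout case where no active user receives the Admin role. The group names other than Vanta-Admins, the users, and the role IDs are constructed placeholders, and the rule that the first group in the priority list wins is an assumption to confirm against your Okta group priority settings.

```python
# Constructed sample plan. Role IDs are placeholders, not real Vanta role IDs;
# copy the real ones from the Roles tab described in Step 5.
ENUM_ROLES = {"Admin": "ADMIN_ROLE_ID_PLACEHOLDER",
              "Editor": "EDITOR_ROLE_ID_PLACEHOLDER"}
GROUP_ROLE = {"Vanta-Admins": "ADMIN_ROLE_ID_PLACEHOLDER",
              "Vanta-Editors": "EDITOR_ROLE_ID_PLACEHOLDER",
              "Vanta-Auditors": "AUDITOR_ROLE_ID_PLACEHOLDER"}  # not enumerated
PRIORITY = ["Vanta-Admins", "Vanta-Editors", "Vanta-Auditors"]  # first wins
MEMBERS = {"Vanta-Admins": ["alice@example.com"],
           "Vanta-Editors": ["alice@example.com", "bob@example.com"],
           "Vanta-Auditors": ["carol@example.com"]}
ACTIVE = {"alice@example.com", "bob@example.com", "carol@example.com"}


def effective_roles(group_role, members, priority):
    """Role ID each user ends up with; assumes the first listed group wins."""
    roles = {}
    for group in priority:
        for user in members.get(group, []):
            roles.setdefault(user, group_role.get(group))
    return roles


def preflight(enum_roles, group_role, members, priority, active):
    """Return findings to resolve before assigning the SCIM app to groups."""
    findings, valid = [], set(enum_roles.values())
    seen = {}  # user -> set of role IDs carried by that user's groups
    for group in priority:
        role_id = group_role.get(group)
        if role_id not in valid:
            findings.append(f"{group}: role {role_id!r} is not in the enumerated list")
        for user in members.get(group, []):
            seen.setdefault(user, set()).add(role_id)
    for user in sorted(seen):
        if len(seen[user]) > 1:
            findings.append(f"{user}: groups carry different roles; check priority")
    roles = effective_roles(group_role, members, priority)
    admin_id = enum_roles.get("Admin")
    has_admin = admin_id is not None and any(
        r == admin_id and u in active for u, r in roles.items())
    if not has_admin:
        findings.append("lockout risk: no active user receives the Admin role")
    return findings


if __name__ == "__main__":
    for finding in preflight(ENUM_ROLES, GROUP_ROLE, MEMBERS, PRIORITY, ACTIVE):
        print(finding)
```
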

Step 8: Push Groups

  • Return to Okta and select the Push Groups tab in the top navigation menu. Click the Push Groups button. Select Find groups by name.

  • Locate your desired group, select it and click Save to push your group to Vanta. Repeat for all other groups.

  • You can then head to the Admin Portal tab and click the continue button for Step 6 and do the same for step 7.

  • Once successful, you should see a Directory activated message along with a group count and user count.