- Follow the Directory Sync setup instructions until Step 3: Set up Attribute Mapping. This is where we will map an Okta attribute to the Vanta rbac_role_id attribute. In this example, we will use a custom attribute named vanta_role.
- First, let’s set up the role attribute in Okta.
- In your Okta account, go to Directory, followed by Profile Editor, and find your app.
- Click + Add attribute.
- In the modal that opens, fill in the attribute properties.
- Set the Variable name and External name to the name you’ve chosen for your custom attribute.
- The External namespace must be urn:ietf:params:scim:schemas:core:2.0:User
- Select Define enumerated list of values and fill in the attribute members with each Vanta role you want to enable through SCIM.
- If you leave the type of attribute as Personal, then when you assign a user to the application, you will be able to select their role.
- If you prefer, you may also make it a Group attribute and create a group for each role. When you assign each group to the application, set the attribute to the role you wish to assign to the group.
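
The following is an added example, not code from Vanta or Okta: a pre-rollout check over SCIM User resources that flags users whose vanta_role is missing, defined under a namespace other than the core User schema, or outside the enumerated list. It assumes the attribute arrives at the top level of the resource, as core-schema attributes do in SCIM 2.0; the role values, the sample users and the `urn:example:...` namespace are constructed placeholders.

```python
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ROLE_ATTR = "vanta_role"  # custom attribute name used in this guide
# Placeholder values (constructed): replace with the enumerated members defined in Okta.
ALLOWED_ROLES = {"ROLE_ID_A_PLACEHOLDER", "ROLE_ID_B_PLACEHOLDER"}


def check_role(user):
    """Return 'ok', 'missing', 'wrong_namespace' or 'not_in_enum' for one SCIM User."""
    if ROLE_ATTR in user and CORE_USER in user.get("schemas", []):
        return "ok" if user[ROLE_ATTR] in ALLOWED_ROLES else "not_in_enum"
    # SCIM 2.0 nests attributes from any other namespace under that namespace's URN key.
    for key, value in user.items():
        if key.startswith("urn:") and isinstance(value, dict) and ROLE_ATTR in value:
            return "wrong_namespace"
    return "missing"


def audit(users):
    """Map userName -> finding for every user whose role attribute is not 'ok'."""
    findings = {}
    for user in users:
        status = check_role(user)
        if status != "ok":
            findings[user.get("userName", "<no userName>")] = status
    return findings


# Constructed sample resources, shaped like SCIM 2.0 User objects.
SAMPLE_USERS = [
    {"schemas": [CORE_USER], "userName": "alice@example.com",
     "vanta_role": "ROLE_ID_A_PLACEHOLDER"},
    {"schemas": [CORE_USER], "userName": "bob@example.com"},
    {"schemas": [CORE_USER, "urn:example:custom:1.0:User"],
     "userName": "carol@example.com",
     "urn:example:custom:1.0:User": {"vanta_role": "ROLE_ID_B_PLACEHOLDER"}},
    {"schemas": [CORE_USER], "userName": "dave@example.com",
     "vanta_role": "ROLE_ID_TYPO_PLACEHOLDER"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_USERS).items():
        print(f"{name}: {finding}")
```

A user reported as missing or wrong_namespace would be provisioned without the intended role mapping, so resolve those findings before enabling the sync.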