Integrating Okta and Workstream allows you to maintain your organization's SSO requirements and ensures your Workstream user provisioning fits into pre-existing workflows. Configuring SCIM allows you to automatically push user updates from Okta to Workstream, in order to keep your organization's permissions and access current.

Note: Looking to set up SAML 2.0 so your users can login via Okta SSO? You can find the steps to set up SAML 2.0 in this article. SAML 2.0 configuration is also a requirement before you can enable SCIM provisioning.

Supported Features

Workstream's integration with Okta supports the following actions taken within Okta:

  • Push New Users: New users created through Okta will also be created in Workstream

  • Push Profile Updates: Updates made to the user's profile through Okta will be applied to the user's Workstream account.

  • Push User Deactivation: Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Workstream.

    • Note: The user will be deactivated, which prevents them from logging into Workstream. However, their information and activity will remain (i.e. requests created, assets added and certified, etc.).

  • Reactivate Users: User accounts can be reactivated in Workstream via Okta.

For more information on the listed features, visit the Okta Glossary.


Getting Started

SAML 2.0 must be configured first before SCIM can be set up. To set up SAML 2.0, follow the instructions in our help center article.

Enabling SCIM require steps to be taken by the Workstream team, which may have already been completed as part of your SAML setup process. However, if you have previously enabled SAML 2.0 without activating SCIM, you will need to start by reaching out to let us know. You can do this either via the support widget at the bottom of this page, or by emailing [email protected].


SCIM Provisioning

To enable SCIM provisioning click on the "Provisioning" tab and then click the “Configure API Integration” button.

Check “Enable API Integration”. Enter the user name and password provided by Workstream’s support team.

Once configured, test the configuration by clicking "Test API Credentials". If the connection is successful, you will see a “Workstream was verified successfully!” message. Click “Save”.

Next you will need to enable the various provisioning actions. Still in the provisioning tab, click on “To App” in the lefthand navigation. Enable the following:

  • Create Users

  • Update User Attributes

  • Deactivate Users

Note: the integration supports provisioning from Okta → Workstream only, so you will not need to configure any settings under the "To Okta" section.

Click the “Save” button. Your SCIM configuration is now ready to use.

Coming Soon

  • SCIM support - Groups

Did this answer your question?