Okta SAML SSO SCIM Provisioning


This integration is Okta certified for Partner-built EA. Contact support@sendsafely.com to learn more.


The following provisioning features are supported:

Create Users

Users assigned to the Okta SendSafely application will be automatically created and registered in the associated SendSafely Enterprise organization. Provisioned users will be able to log into SendSafely by clicking the “Login using Single Sign-on” button from their SendSafely Enterprise portal login page or by clicking the SendSafely application from their Okta Home page.

Update User Attributes

Updates made to the user's Okta profile will also update the associated attributes in the user’s SendSafely profile. The only user profile attributes currently supported for updating from Okta are First Name and Last Name.

Deactivate Users

Deactivating the user or disabling the user's access to the SendSafely application through Okta will deactivate the user’s account in SendSafely. Deactivating a user results in removal of the SendSafely user's profile data and deletion of all files and messages from their history.


Provisioning for SendSafely requires the following:

  • You have completed the setup for Single Sign-On (SSO) with SAML in your SendSafely Enterprise organization. Please refer to the Setup Single Sign-On (SSO) with SAML SendSafely Help Center article for more information on setting up SAML SSO in the SendSafely Enterprise organization.
  • A SendSafely Enterprise Administrator account to perform all provisioning actions from Okta. The account must be first configured with a SCIM API Key, which can be retrieved from the API Keys section of the SendSafely Enterprise Administrator’s Edit Profile screen (Account menu -> Edit Profile). Generate a new API Access Key, and then you will see an option that says "Click here if you would like to use this API key for SCIM authentication" (refer to Figure 1). When clicked, this will display the Username and Password required for configuring the SCIM API integration (refer to Figure 2). Note that the SCIM API Password will only be displayed once, when generated.

Figure 1.


Figure 2.



Step-by-Step Configuration Instructions

Configure Provisioning for SendSafely as follows:

1. Make sure the Hostname setting under General App Settings is configured to your SendSafely Enterprise organization hostname.


  1. Click the Provisioning tab, then the Configure API Integration button.


  1. Check Enable API Integration and enter the SCIM API Username and SCIM API Password previously generated from the designated SendSafely Enterprise Administrator account. When you click the Test API Credentials button, you should see a success message similar to that highlighted below.


Click the Save button when done. You are now ready to configure Okta to Application provisioning settings.

  1. From the SETTINGS menu, select To App, and the click the Edit button. Check Enable for the following features supported by the Okta SendSafely SCIM Provisioning integration:
  • Create Users
  • Update User Attributes
  • Deactivate Users

Click the Save button. See screenshot below for reference.


The setup is complete, and you can now perform provisioning for the SendSafely application.


Known Issues/Troubleshooting

  • Only provisioning from Okta to SendSafely is supported at this time.
  • SendSafely does not currently support updates made to a user's User Name from the OKTA User Profile Editor.
Have more questions? Submit a request