Skip to main content
Enabling SCIM disables Forest user editing. All user management must be done through Okta.

Supported Features

The manual Okta SCIM integration enables:
  • User provisioning from Okta to Forest
  • Updating user role, permission level, and tags
  • User deletion when removed from the Okta app
  • Team assignment via groups

Setup Steps

1. Add Forest App

Navigate to Applications > Browse App Catalog, then select “SCIMForest 2.0 Test App (Header Auth)”. Name the application, keeping in mind each app links to one Forest project.

2. Authentication

Generate a provisioning token in Forest project settings. In Okta’s Integration tab, enter the token prefixed with “Bearer” (format: “Bearer [token]“).

3. Configuration

Keep “Sync Password” disabled as it’s unsupported.

4. Custom Parameters

Four parameters require configuration:
  • permissionLevel: Admin, Developer, Editor, or User
  • teams: comma-separated team names (e.g., “Operators,Support”)
  • role: must match existing project roles
  • tags: optional key/value pairs separated by semicolons

5. Attribute Setup

In Profile Editor, set external namespace to urn:ietf:params:scim:schemas:extension:forest:2.0:User

6. Mapping Rules

Create rules directing Okta to Forest for automatic role, permissionLevel, and tags assignment.

7. Group Management

Configure Directory groups for team mapping, then use “Push Groups” to link Okta groups with Forest teams. Optional: disable automatic team renaming in app settings.