Okta SAML Configuration

Configure Single Sign-On with Okta using the SAML protocol, with optional SCIM provisioning for automated user lifecycle management.

Configuration

When you select Okta as your Identity Provider, configure a dedicated Descope application in Okta and connect it to imper.ai.

1. In Okta, create a dedicated Descope application.

2. Copy the Metadata URL from the Okta app's Sign On settings.

3. In imper.ai, select Okta as your IdP and paste the Metadata URL when prompted.

4. imper.ai will provide the Entity ID and ACS URL - copy them.

5. Paste them into the Advanced sign-on settings.

6. Create the application by clicking the Done button.

Assigning Users and Groups

Regardless of whether SCIM is configured, you must navigate to the Assignments tab and assign the relevant people or groups to the newly created Descope application so they can access imper.ai.

SCIM Provisioning

When Okta is configured as your SSO provider, you can optionally enable SCIM provisioning to automate user lifecycle management - including user creation, updates, and deprovisioning - directly from Okta.

Enabling SCIM

1. Navigate in the new Descope app to Provisioning.

2. Under the SSO section, click Edit (or open the SSO configuration dialog).

3. On the Configure IdP step, locate the Enable SCIM provisioning toggle and turn it on.

4. Copy the SCIM Token value displayed - you will need this to configure the SCIM integration in Okta.

5. Add it to the API token field in the Provisioning tab.

6. Uncheck Import Groups in the Provisioning tab.

7. After completing all steps, verify the configuration by clicking the Test API Credentials button, then click Save.

Configuring SCIM in Okta

To take full advantage of SCIM synchronization between Okta and Descope, open the Provisioning tab and enable the Create Users, Update Users, and Deactivate Users actions.