1. Add SCIM provisioning in OKTA
After your SSO integration is created, click the General tab.
Click Edit within the App Settings group.
In the Provisioning section, select Enable SCIM provisioning and click Save.
2. Update provisioning options
Select the new Provisioning tab. The SCIM connection settings appear under Settings > Integration.
Click Edit.
Enter the following information to set up
SCIM connector base URL:
https://api.airmason.com/api/v1/scim/v2Unique identifier field for users:
userNameSupported provisioning actions:
Check all of the following:Import New Users and Profile Updates
Push New Users
Push Profile Updates
Push Groups
Authentication method:
HTTP HeaderToken:
AirMason will provide you with your unique API key. If you haven’t received one, please contact the integrations team.
Note: When selecting your “Supported provisioning actions”, you may choose to select “Import Groups” to experience the full provisioning functionality. If you check this box, you may find that you encounter a 400 Bad Request error upon saving your configuration. If that is the case, you’ll need to open a support ticket with Okta to request that the SELECTIVE_APP_IMPORT_PLATFORM feature is enabled.
3. Update Provisioning settings
From the below screen, click Edit and make sure to enable:
Create Users
Update User Attributes
Deactivate Users
These settings are necessary to make the syncs succeed.
4. Update user mappings
To ensure accurate synchronization between Okta and AirMason, you'll need to map specific user attributes. Some of these attributes may not exist by default in Okta and will require manual creation. Once established, these attributes can be mapped to AirMason's SCIM fields.
Attribute Name | Field in AirMason | Description |
|
| User's office location |
|
| Organization name |
|
| Department within the company |
|
| Division within the department |
|
| Custom code (e.g., employee code) |
|
| State or province |
|
| Type of employment (e.g., full-time, contractor) |
|
| Country of residence |
|
| Full name (combination of givenName and familyName) |
|
| Email address |
|
| Employee number or identifier |
Part A: Creating Custom Attributes in Okta (If Needed)
For attributes like office, organization, department, division, code, state, and employeeType, you may need to create custom attributes in Okta if they do not exist. Here's how:
Access the Profile Editor:
In your Okta Admin Console, go to the Provisioning tab of your AirMason application.
Under Settings in the left panel, select To App.
Click on the Go To Profile Editor button.
Add a New Attribute:
Click Add Attribute.
Fill in the necessary details:
Display Name: e.g.,
OfficeVariable Name: e.g.,
officeExternal Name: Same as variable name
External Namespace:
urn:ietf:params:scim:schemas:extension:enterprise:2.0:UserData Type:
stringDescription: Optional, but helpful for clarity.
Click Save or Save and Add Another.
Repeat this process for each custom attribute you may need. For more detailed instructions, refer to Okta's support article on Creating a New Custom Attribute.
Part B: Mapping Okta Attributes to AirMason SCIM Fields
Once the above is completed,
Click on the Mappings button.
On the popup, select the Okta User to AirMason Tab.
Use the following table as a reference:
Okta Attribute | AirMason User Profile |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Note: Custom attributes need to be created in Okta before they can be mapped. Some standard attributes are available by default.
After mapping all necessary attributes, click Save Mappings.
Confirm the changes when prompted.
For more information on attribute mapping, see Okta's guide on Mapping Attributes from Okta to an Application.
These fields are utilized within AirMason for personalization, access control, and organizational structuring.
Triggering a manual sync
If you need to trigger a manual sync of your employees, follow these simple steps:
Navigate to your Application
Open the Assignments tab
Click on the Provision now button