Okta SCIM Org Roles
Update Okta User Org Role
For every user, Statsig surfaces a SCIM field named statsigOrgRole
. Through this field, you can manage organization user roles.
Currently, Okta can only push role updates to Statsig.
Step 1. Create the Custom Attribute in Okta
Navigate to Directory > Profile Editor
and select the User (default) Okta profile. This represents all of the Okta users' attributes.
Scroll down and press Add Attribute
and fill out the new attribute to have the variable name statsigOrgRole
.
Step 2. Create the Custom Attribute in the Statsig SCIM Integration
Now Navigate to the Statsig SCIM Integration's User Profile
in the Profile Editor
.
Add an new attribute that matches the following format:
- Variable name:
statsigOrgRole
- External namespace:
urn:ietf:params:scim:schemas:core:2.0:User
Step 3. Create a Mapping from Statsig to Okta for the Custom Attribute
On the same Statsig SCIM profile editor, navigate to the Mappings
button.
Scroll down to the new attribute statsigOrgRole
and map user.statsigOrgRole
to the Okta attribute statsigOrgRole
.
Step 4. Create a mapping from Okta to Statsig for the Custom Attribute
Now navigate to the Okta User to Statsig SCIM user mapping.
Scroll down to the statsigOrgRole
attribute and map user.statsigOrgRole
to the Okta attribute statsigOrgRole
.
Now all users will be synced with their organization role. On the Statsig SCIM integration you can modify a user's role directly as well.
Step 5. Modify Integration Mappings
Navigate to the Statsig SCIM integration provisioning section.
Under the "To App" tab, scroll down to the statsigOrgRole
attribute.
Set the attribute value to
Map from Okta Profile
and statsigOrgRole
.
Set apply on Create and update
.
Navigate to the "To Okta" tab and scroll down to the statsigOrgRole
attribute.
Set the attribute value to Map from Statsig Profile
and statsigOrgRole
.
Set apply on Create
.