Skip to main content
Gainsight Inc.

Okta Gainsight SCIM Setup

  1. Last updated
  2. Save as PDF
This article explains how to configure SCIM (System for Cross-domain Identity Management) integration between Okta and Gainsight. SCIM enables automated user provisioning and de-provisioning.

This article explains how to configure SCIM (System for Cross-domain Identity Management) integration between Okta and Gainsight. SCIM enables automated user provisioning and de-provisioning.

Overview

SCIM integration automates the provisioning lifecycle of users in Gainsight by connecting with your identity provider, Okta. Once configured, the SCIM integration allows you to:

  • Automatically create, update, and deactivate users in Gainsight based on Okta assignments.
  • Synchronize user profile attributes and custom fields between systems.
  • Improve security and efficiency by managing access centrally through Okta.

This guide outlines the full setup process in Okta, including SAML configuration, SCIM connector settings, OAuth authentication, and optional custom field mappings.

Prerequisite

To complete the setup process, admins must have

  • Access to both Okta and Gainsight.
  • Ensure SAML-based SSO is already configured in Okta for Gainsight. For more information, refer to the Gainsight Authentication article.

Create SCIM Application in Okta

  1. Log in to your Okta Admin Console.
  2. Click Create Application.
  3. Select SAML 2.0, click Next.
  4. Under General Settings, enter app name Gainsight SCIM Integration.
  5. Click Next.

creat SAML.png

  1. Configure the following using metadata.xml from Gainsight:
  2. Click Next > Finish.

Enable SCIM Provisioning

After the app is created, you can enable the SCIM provisioning:

  1. Navigate to General tab.
  2. Click Edit. The App Settings dialog appears.
  3. Under the Provisioning option, select SCIM.
  4. Click Save. The Proviosing tab is now enabled

Enable SCIM.png

  1. Configure the below details in the Provisioning tab.

Provision tab.png

 

Field

Value

SCIM Connector Base URL

https://<your-gainsight-tenant-url>/v1/users/services/scim

Unique Identifier Field for Users

userName

Supported Provisioning Actions

  • Import New Users and Profile Updates

  • Push New Users

  • Push Profile Updates

Authentication Mode: OAuth 2.0

  • Create an OAuth App in Gainsight to obtain

    • Client ID

    • Client Secret

For more information on OAuth, refer to the OAuth for Gainsight APIs

Access Token Endpoint URI

https://<your-gainsight-tenant-url>/v1/users/oauth/access/token

Authorization Endpoint URI

https://<your-gainsight-tenant-url>/v1/authorize?clientId=<<clinetId_from_Gainsight_OAuth>>&redirectUri=https://system-admin.okta.com/admin/app/cpc/<<please_enter_okta_application_name>>/oauth/callback&scopes=read_write

For more information on configuring the callback URL, refer to the Okta SCIM Provisioning Integration – Authentication
  1. Click the Authenticate with Gainsight SCIM Integration and authorize Gainsight. 

Add Custom Field Mappings

Gainsight supports custom fields in SCIM APIs with the following data types:

  • Boolean
  • String
  • Picklist
  • Multi-Picklist

Gainsight recommends to contact Gainsight Support to add the same mappings on the Gainsight instance. This ensures that the fields are included in the User Create and Update APIs.

To configure these fields in Okta:

  1. Navigate to Directory > Profile Editor.
  2. Select your SCIM integration app.
  3. Click +Add Attribute.
    Note: The Gainsight SCIM external namespace is urn:ietf:params:scim:schemas:extension:gainsight:2.0:User

Custom field mappin.png

Below images show few examples of data types supported in SCIM API:

  • Boolean Field
    Boolean.jpg
  • String and Picklist Field
    String.jpg
  • Multi-Picklist

    Multiplicklist.jpg
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. Gainsight Integration
    2. Okta Integration
    3. SCIM Setup