All articles

SAML SSO Okta: User Provisioning

Table 59. Availability - Legacy plans


Overview

With SCIM protocol, admins can set up automatic user provisioning and deprovisioning for Wrike with Okta.

Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in Okta.

  • Automatic provisioning: Okta users are automatically provisioned for Wrike.

  • Synced user attributes: User attributes are automatically updated in Wrike when they're updated in Okta.

    Note

    To successfully update user attributes of account admins, the account admin who issued the API token must have the right to grant/revoke admin rights enabled.

  • Automatic deactivation: Wrike users are automatically deactivated in Wrike when they're deactivated in Okta.

This page is about integrating Wrike with Okta SCIM. We have a separate page on setting up SAML SSO to Wrike through Okta.

Note

Members added through SCIM are billable as soon as they're provisioned.

Set up Wrike with Okta SCIM

You must have permission to Configure advanced security settings in Wrike and be an Okta admin to set up Wrike with Okta SCIM. We recommend setting up SAML SSO with Okta first.

Step 1: Add approved domains

Only users from approved domains will be automatically provisioned to Wrike.

Step 2: Find and note the SCIM URL

  1. Open your Wrike workspace.

  2. Click your profile picture in the view’s upper right-hand corner.

  3. Select Apps & Integrations.

  4. Find Okta in the list of apps (make sure to select Identity management and single sign-on via Okta, not Okta via Wrike Integrate), click the app, and switch to the SCIM tab.

  5. Scroll to the bottom and copy the SCIM URL. You’ll be using it in a few steps.

  6. Close the Okta pop-up (but stay in Wrike) and move on to Step 3.

Step 3: Obtain the OAUTH token

  1. Click API from the left-hand side of the Apps & Integrations page.

  2. Enter a name in the App name field (we suggest Okta SCIM).

  3. Click Create new.

  4. (Optional) Add an app description.

  5. Scroll to the bottom of the page and click Create Token.

  6. Enter your password and click Obtain token.

  7. Copy the token and save it somewhere. You’ll need to enter this information in Okta.

    Important

    You’re only shown your token once, so make sure you save it prior to moving on to the next steps.

  8. Click Save.

Step 4: Finalize the setup from Okta

  1. Sign in to your Okta domain at <yourorganization>.okta.com.

  2. Click Admin.

  3. Click Applications.

  4. Find and select Wrike.

  5. Switch to the Provisioning tab.

  6. Select Integration in the left panel.

  7. Click the Edit to the right of the Integration label.

  8. Check the box next to Enable API integration.

  9. Add information:

    • In the Base URL field, add the URL from Step 2.

    • In the API Token field, add the token from Step 3.

  10. Click Test API Credentials to verify that access is working correctly.

  11. Click Save.

  12. Select To app in the left panel.

  13. Click Edit to the right of the Provisioning to app label.

  14. Enable all or some synchronizations: Create Users, Update User Attributes, and Deactivate Users.

  15. Click Save.

  16. Switch to the Assignments tab.

  17. Enable Wrike for select people or groups, or for all users.

Wrike Attribute Mappings

The following attributes are synced from Okta to Wrike:

  • Username

  • Given name

  • Family name

  • Primary email

    Note

    The primary email in Wrike is not changed when this attribute is synced from Okta.

  • Title

  • Primary phone

  • Organization

  • Department

  • Wrike user type

Note

Specifying the Wrike user type (Regular, External, and Collaborator) is a custom attribute. By default, Regular users are created.

Troubleshooting

Missing attributes

If certain user attributes (e.g., phone number, department, or secondary emails) are filled in Wrike but missing in Okta, the information stays in Wrike even after user provisioning.

User provisioning/deprovisioning

If a user doesn't get provisioned or deprovisioned:

  • Check the System Log in the Okta administration portal to see if a SCIM provisioning attempt is listed there.

    • If there is no provisioning attempt listed, make sure that users are properly assigned to Wrike’s application in Okta.

    • If an error is listed, please contact our Support Team and provide error details.

What's next?

Top