SAML SSO Okta: User Provisioning
With SCIM protocol, admins can set up automatic user provisioning and deprovisioning for Wrike with Okta.
Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in Okta.
Automatic provisioning: Okta users are automatically provisioned for Wrike.
Synced user attributes: User attributes are automatically updated in Wrike when they're updated in Okta.
Automatic deactivation: Wrike users are automatically deactivated in Wrike when they're deactivated in Okta.
This page is about integrating Wrike with Okta SCIM. We have a separate page on setting up SSO to Wrike through Okta.
Members added through SCIM are billable as soon as they're provisioned.
You must have permission to Configure advanced security settings in Wrike and be an Okta admin to set up Wrike with Okta SCIM. We recommend setting up SSO with Okta first.
Only users from approved domains will be automatically provisioned to Wrike.
Open your Wrike workspace.
Click your profile picture in the view’s upper right-hand corner.
Select Apps & Integrations.
Find Okta in the list of apps (make sure to select Identity management and single sign-on via Okta, not Okta via Wrike Integrate), click the app, and switch to the SCIM tab.
Scroll to the bottom and copy the SCIM URL. You’ll be using it in a few steps.
Close the Okta pop-up (but stay in Wrike) and move on to Step 3.
Click API from the left-hand side of the Apps & Integrations page.
Enter a name in the App name field (we suggest Okta SCIM).
Click Create new.
(Optional) Add an app description.
Scroll to the bottom of the page and click Create v4 Token.
Enter your password and click Obtain token.
Copy the token and save it somewhere. You’ll need to enter this information in Okta.
You’re only shown your token once, so make sure you save it prior to moving on to the next steps.
Sign in to your Okta domain at <yourorganization>.okta.com.
Find and select Wrike.
Switch to the Provisioning tab.
Click Configure API Integration.
Check the box next to Enable API integration.
In the Base URL field, add the URL from Step 2.
In the API Token field, add the token from Step 3.
Click Test API Credentials to verify that access is working correctly.
Click Edit next to the Provisioning to app label.
Enable all or some synchronizations: Create Users, Update User Attributes, and Deactivate Users.
Switch to the Assignments tab.
Enable Wrike for select people or groups, or for all users.
The following attributes are synced from Okta to Wrike:
Primary phone number
Wrike user type
Specifying the Wrike user type (Regular, External, and Collaborator) is a custom attribute. By default, Regular users are created.
If certain user attributes (e.g., phone number, department, or secondary emails) are filled in Wrike but missing in Okta, the information stays in Wrike even after user provisioning.
If a user doesn't get provisioned or deprovisioned:
Check the System Log in the Okta administration portal to see if a SCIM provisioning attempt is listed there.
If there is no provisioning attempt listed, make sure that users are properly assigned to Wrike’s application in Okta.
If an error is listed, please contact our Support Team and provide error details.