Wrike & Okta: User Provisioning
Wrike admins on Enterprise accounts can set up automatic user provisioning and deprovisioning for Wrike with Okta using SCIM protocol.
Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in Okta.
- Automatic provisioning - Okta users are automatically provisioned for Wrike.
- Synced User Attributes - User attributes are automatically updated in Wrike when they are updated in Okta. View synced attributes.
- Automatic deactivation - Wrike users are automatically deactivated in Wrike, when they are deactivated in Okta.
This page is about integrating Wrike with Okta SCIM, we have a separate page on how to set up SSO to Wrike through Okta.
- Members added through SCIM are billable as soon as they're provisioned.
You must be an admin on a Wrike Enterprise account with the permission "Configure advanced security settings" as well as an Okta admin to set up Wrike with Okta SCIM. We recommend setting up SSO with Okta before proceeding.
Step 1: Add Approved Domains
Only users from approved domains will be automatically provisioned to Wrike.
Step 2: Find and Note the SCIM URL
- Open your Wrike Workspace.
- Click your profile picture in the view’s upper right-hand corner.
- Select Apps & Integrations.
- Find Okta in the list of apps (make sure to select "Identity management and single sign-on via Okta", not "Okta via Wrike Integrate"), click on the app and switch to the SCIM tab.
- Scroll to the bottom and copy the SCIM URL. You’ll be using it in a few steps.
- Close the Okta pop-up (but stay in Wrike) and proceed to step 3.
Step 3: Obtain the OAUTH Token
- Click API from the left-hand side of the Apps & Integrations page.
- Enter a name in the “App name” field” (we suggest Okta SCIM).
- Click “Create new”.
- Add an app description (optional).
- Scroll to the bottom of the page and click “Create v4 Token”.
- Enter your password and click "Obtain token".
- Copy the token and save it somewhere, you’ll need to enter this information in Okta. Important! You’re only shown your token once, so make sure you save it prior to moving to any next steps.
- Click "Save".
Important! You’re only shown your token once, so make sure you save it somewhere.
Step 4: Finalize the Setup from Okta
- Sign in to your Okta domain at <yourorganization>.okta.com.
- Click Admin.
- Click “Applications”.
- Find and select “Wrike”.
- Switch to the "Provisioning" tab.
- Click "Configure API Integration".
- Check the box next to “Enable API integration”.
- Add information
- In the SCIM 2.0 Base URL field - add the url obtained in Step 2.
- In the OAuth Bearer Token field - add the token obtained in Step 3.
- Given name
- Family name
- Primary email
- Job Title
- Primary phone number
- Organization name
*This is a custom attribute, specifying the type of user in Wrike. Supported values: "Regular", "External" and "Collaborator". By default, Regular Users are created.
If certain user attributes (e.g. phone number, department, or secondary emails) are filled in in Wrike but missing in Okta, the information remains in Wrike even after user provisioning.
If a user does not get provisioned or deprovisioned,
- Check the System Log in the Okta administration portal to see if a SCIM provisioning attempt is listed there.
- If there is no provisioning attempt listed, make sure that users are properly assigned to Wrike’s application in Okta.
- If an error is listed, please contact our Support Team (email@example.com) and provide error details.