What is Okta SCIM Integration?

The SCIM integration allows you to import and update users from bob into Okta.
Okta will pull Employee, Department, Site and simple list data (e.g. country) into Okta as 'groups' that can be used to create rules in OKTA.

Note: an organization may either opt to use the Okta API or the Okta SCIM. It may be best to consult your organization’s IT staff on what may be suit your organizational needs first.



The following provisioning features are supported:

  • Import New Users - New users created in bob will be imported to OKTA.

  • Import Profile Updates - Updates made to the employee mapped fields would be imported to users OKTA profile.

  • Terminating users - Upon termination or last day at the office (the sooner between the two), the user will be deactivated in OKTA

  • Reactivate Users - Upon rehire the employee account will be activated in OKTA.

  • Passing and updating groups to OKTA - build and sync groups, using SCIM Groups


How to use Okta SCIM Integration


Step-­by-­Step Configuration Instructions

Configuration in bob

Step 1: Create service user

  1. Navigate to Settings > Integrations

  2. Click on the Service Users tile

3. Press on the New Service user button

4. Enter a name for the new service user you are creating

5. Click Save


6. An ID and Token will appear - write these down, you will need them later


Step 2: Set service user permissions

  1. Navigate to Settings > Roles & Permissions

  2. Select an existing group or + Add another group

  3. Click on the People category under Manage Permissions

  4. Open the Lifecycle section

  5. Select View selected employees' lifecycle sections if it is not already marked with a

4. Configure the service user


Configuration in Okta

Use Okta's Classic UI to configure the following.

  1. Login to Okta as an Administrator

  2. Search for and add the bob application.

Don't know how to add an application in Okta? Find out here


3. Navigate to Provisioning > Integration > Configure API integration

4. Mark Enable API Integration

5. Enter the bob service user ID into the Username field

6. Enter the bob service user token into the Password field

7. Press Save


8. Navigate to the Settings area

9. Click To Okta

10. Select email from the Okta username format dropdown in the General section

11. Press Save


Profile Mastering - May be additional cost from OKTA.

  1. Navigate to Provisioning > To Okta

  2. Under the Profile & Lifecycle Mastering section click Edit

  3. Check the box next to Allow bob to master Okta users

  4. If you would like to allow for automatic sync of reactivated users from bob to Okta check the boxes next to Reactivate suspended Okta users and Reactivate deactivated Okta users

  5. Press Save

You're done setting up! You're ready to sync users from bob to Okta now.


Default field mapping

Hibob OKTA
Employee id id
Email userName
First Name name.givenName
Last Name name.familyName
Middle Name name.middleName
Prefix name.honorificPrefix
Display Name displayName
Email emails.[idx].value
Job Title title
Address Line 1 addresses.[0].streetAddress
Address City addresses.[0].locality
Address Postal Code addresses.[0].postalCode
Address Country addresses.[0].country
Full Address addresses.[0].formatted
Work Phone phoneNumbers.[idx].value

For additional or custom fields please have a look at the

OKTA SCIM Custom Field Mapping guide.


Need more help?

If you're unsure about anything, send us a message through the chat icon below.