
Set up SCIM (beta)

The System for Cross-Domain Identity Management (SCIM) makes user data more secure and simplifies the admin and end-user lifecycle experience by automating user identities and groups. You can create or disable user identities in your Identity Provider (IdP), and SCIM will automatically make those changes in near real-time downstream in dbt Cloud.

Supported features

The currently supported SCIM features are:

  • User provisioning and de-provisioning
  • User profile updates
  • Group creation and management

The following IdPs are supported in the dbt Cloud UI:

  • Okta
  • Entra ID (coming soon)

If your IdP isn’t on the list, it can be supported using dbt Cloud APIs (docs coming soon).

SCIM configuration for Okta (beta)

Please complete the "setup SSO with Okta" steps before configuring SCIM settings.

To configure the SCIM settings for Okta:

  1. Navigate to your dbt Cloud Account settings.
  2. Select Single sign-on from the left-side menu.
  3. Click Edit, scroll to the bottom of your Okta configuration settings, and click Enable SCIM.
    • In later steps, you will need both the SCIM base URL and SCIM token.

    SCIM enabled in the Okta configuration settings.
  4. Manual updates are disabled by default for all SCIM-managed entities, including the ability to manually invite new users. This ensures SCIM-managed entities stay in sync with the IdP, and we recommend keeping this setting disabled.
    • However, if you need to make manual updates (for example, if you want to update group membership for a SCIM-managed group), you can enable this setting by clicking Allow manual updates.

    Enabling manual updates in SCIM settings.
  5. Log in to your Okta account and locate the app configured for the dbt Cloud SSO integration.

  6. Navigate to the General tab and ensure Enable SCIM provisioning is checked; otherwise, the Provisioning tab will not be displayed.

    Enable SCIM provisioning in Okta.
  7. Open the Provisioning tab and select Integration.

  8. Paste the SCIM base URL from dbt Cloud into the first field, then enter your preferred Unique identifier field for users (such as username).

  9. Click the checkboxes for the following Supported provisioning actions:

    • Push New Users
    • Push Profile Updates
    • Push Groups
  10. From the Authentication mode dropdown, select HTTP Header.

  11. In the Authorization section, paste the token from dbt Cloud into the Bearer field.

    The completed SCIM configuration in the Okta app.
  12. Test the connection and click Save once completed.

You've now configured SCIM for the Okta SSO integration in dbt Cloud.
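
The provisioning actions and the HTTP Header authentication mode configured above correspond to SCIM 2.0 (RFC 7644) requests carrying the token as a bearer credential. The following is an added example, not dbt Cloud or Okta code: it simulates that exchange against a hypothetical in-memory service provider (`ToyServiceProvider`), and the base URL, token and user are constructed placeholders. How dbt Cloud handles these requests internally is not documented on this page and is assumed here.

```python
import hmac, json, uuid
# Constructed placeholders; the real values come from the dbt Cloud SSO settings page.
SCIM_BASE_URL = "https://scim.example.invalid/scim/v2"
SCIM_TOKEN = "constructed-example-token"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def idp_request(method, path, body=None, token=SCIM_TOKEN):  # "HTTP Header" auth mode
    return {"method": method, "url": SCIM_BASE_URL + path,
            "headers": {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/scim+json"},
            "body": json.dumps(body) if body is not None else None}

class ToyServiceProvider:  # hypothetical stand-in for the downstream application
    def __init__(self, token):
        self._token, self.users = token, {}

    def handle(self, req):
        sent = req["headers"].get("Authorization", "")
        # Constant-time comparison so the check does not leak token bytes via timing.
        if not hmac.compare_digest(sent.encode(), f"Bearer {self._token}".encode()):
            return 401, None
        path = req["url"][len(SCIM_BASE_URL):]
        body = json.loads(req["body"]) if req["body"] else {}
        if req["method"] == "POST" and path == "/Users":  # Push New Users
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return 409, None  # the unique identifier field must stay unique
            user = {**body, "id": str(uuid.uuid4()), "active": body.get("active", True)}
            self.users[user["id"]] = user
            return 201, user
        if req["method"] == "PATCH" and path.startswith("/Users/"):  # updates, disable
            user = self.users.get(path.split("/")[2])
            if user is None:
                return 404, None
            for op in body.get("Operations", []):
                if op["op"].lower() == "replace" and "path" not in op:
                    user.update(op["value"])
            return 200, user
        return 404, None

def run_lifecycle():
    sp = ToyServiceProvider(SCIM_TOKEN)
    new_user = {"schemas": [USER_SCHEMA], "userName": "ada@example.com", "active": True}
    created = sp.handle(idp_request("POST", "/Users", new_user))
    duplicate = sp.handle(idp_request("POST", "/Users", new_user))
    off = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "value": {"active": False}}]}
    disabled = sp.handle(idp_request("PATCH", "/Users/" + created[1]["id"], off))
    rejected = sp.handle(idp_request("PATCH", "/Users/" + created[1]["id"], off, token="wrong"))
    return created[0], duplicate[0], disabled[1]["active"], rejected[0]
```

Because the token alone authorizes user creation and deactivation, anyone holding it can drive the same requests, so store it only in the IdP's Bearer field and a secrets manager.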
