- Erste Schritte
- Datensicherheit und Compliance
- Organisationen
- Authentifizierung und Sicherheit
- Allowing or restricting basic authentication
- Configuring SCIM User Sync with Microsoft Entra ID
- Configuring SCIM User Sync with Okta
- Anforderungen an die Passwortkomplexität lokaler Benutzer
- Lizenzierung
- Über die Lizenzierung
- Einheitliche Preise: Lizenzierungsplan-Framework
- Aktivieren Ihrer Enterprise-Lizenz
- Migrieren von Test Suite zu Test Cloud
- Lizenzmigration
- Zuweisen von Lizenzen zu Mandanten
- Zuweisen von Benutzerlizenzen
- Freigegeben von Benutzerlizenzen
- Überwachung der Lizenzzuweisung
- Lizenzüberzuweisung
- Lizenzierungsbenachrichtigungen
- Benutzerlizenzverwaltung
- Mandanten und Dienste
- Konten und Rollen
- AI Trust Layer
- Externe Anwendungen
- Benachrichtigungen
- Protokollierung
- Data Export
- Tests in Ihrer Organisation
- Fehlersuche und ‑behebung
- Migration zur Test Cloud
Test Cloud-Administratorhandbuch
This page describes how to configure SCIM (System for Cross-domain Identity Management) User Sync between Okta and your UiPath organization.
Public preview: SCIM User Sync is currently in public preview.
Voraussetzungen
- An Enterprise or Enterprise Trial license for your UiPath organization.
- Admin permissions in both your UiPath organization and your Okta tenant.
- A working Security Assertion Markup Language (SAML) Single Sign-On (SSO) integration between Okta and UiPath. For setup instructions, refer to Setting up Okta as your identity provider.
- The same user set must be assigned to both the SAML SSO and SCIM applications.
Bevor Sie beginnen
Set up SSO before you enable SCIM. For a new configuration, complete the steps in this order:
- Create the application in Okta and configure SAML SSO with UiPath. See Setting up Okta as your identity provider.
- Enable SCIM in UiPath (Step 1 below).
- Configure SCIM in Okta (the remaining steps).
Attributzuordnung
The following user attributes are synchronized from your identity provider to UiPath. The SCIM attribute is the value sent by Okta; the UiPath attribute is where it is stored.
| SCIM attribute | UiPath attribute | Erforderlich |
|---|---|---|
externalId | Directory identifier used to match and link the user | Ja |
userName | Benutzername | Ja |
displayName | Anzeigename | Ja |
emails[type eq "work"].value | ||
name.givenName | Vorname | |
name.familyName | Nachname | |
title | Bezeichnung der Tätigkeit | |
addresses[type eq "work"].locality | Stadt | |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department | Department | |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization | Name des Unternehmens |
Okta populates externalId automatically, so you do not need to map it manually.
Step 1: Enable SCIM in UiPath
- Sign in to cloud.uipath.com using an account with organization admin permissions.
- In the left-hand menu, select Admin, then select Security.
- Under Directory integration and single sign-on (SSO), select Enable SCIM.
- Select one of the following authorization methods supported by Okta:
- OAuth2 authorization code grant (recommended)
- Long-lived bearer token
- If you selected the OAuth2 authorization code grant, enter the Redirect URL (your identity provider's OAuth callback). Use the callback URL from Okta's SCIM provisioning documentation, as the exact value depends on your Okta environment and application.
- Wählen Sie Konfigurieren aus.
- Record the following values — you will need them when configuring Okta. Copy them exactly as shown in UiPath rather than constructing them by hand:
- SCIM URL (for example,
https://cloud.uipath.com/{orgId}/identity_/api/scim/v2) - If using the OAuth2 authorization code grant:
- Access token endpoint URI (for example,
https://cloud.uipath.com/{orgId}/identity_/connect/token) - Authorization endpoint URI (for example,
https://cloud.uipath.com/{organizationName}/identity_/connect/authorize?scope=PM.Scim&acr_values=tenantName:{organizationName}) - Client ID and Client Secret
- Access token endpoint URI (for example,
- If using a long-lived bearer token: Bearer token value
- SCIM URL (for example,
Leave this browser tab open. Do not select I have completed identity provider configuration until you finish the steps in the following sections.
Step 2: Configure SCIM in Okta
- Sign in to the Okta Admin Portal using an account with admin permissions.
- Navigate to Applications and select the Okta application used to configure SAML with UiPath.
- Enable SCIM provisioning:
- In the General tab, select Edit under App Settings.
- Under Provisioning, select SCIM.
- Wählen Sie Speichern.
- Configure the SCIM connection:
-
In the Provisioning tab, select Edit under Integration.
-
Set the following fields:
Feld Wert SCIM connector base URL SCIM URL from Step 1 Unique identifier field for users userName -
Under Supported provisioning actions, select:
- Import New Users and Profile Updates
- Push New Users
- Push Profile Updates
-
Set the authentication mode:
OAuth 2 (recommended)
Set Grant type to Authorization Code, then complete the fields:
Feld Wert Authorization endpoint URI Authorization endpoint URI from Step 1 Access token endpoint URI Access token endpoint URI from Step 1 Client-ID Client ID from Step 1 Geheimer Clientschlüssel Client Secret from Step 1 HTTP Header (bearer token)
Feld Wert Autorisierung Bearer token value from Step 1 -
Select Test Connector Configuration.
-
Verify that the connection test is successful.
-
Wählen Sie Speichern.
-
- Enable provisioning features:
- In the Provisioning tab, select To App.
- Enable the following options:
- Create Users
- Update User Attributes
- Deactivate Users
- Wählen Sie Speichern.
Step 3: Complete configuration in UiPath
Return to the UiPath browser tab from Step 1 and select I have completed identity provider configuration.
Ergebnis
SCIM User Sync is now active between Okta and your UiPath organization. Users assigned to the application in Okta will be provisioned into UiPath automatically, and subsequent updates or deprovisioning events in your directory will be pushed to UiPath asynchronously.
To verify the setup, navigate to Admin > Security in UiPath and confirm that the SCIM status shows as enabled. You can also navigate to Admin > Accounts and Groups and confirm that provisioned users appear in the directory.