SCIM Integration
Cloud Enterprise: SCIM Integration is only available on Lightdash Enterprise plans. For more information on our plans, visit our pricing page.
Summary
This document describes the steps required to integrate Azure or Okta with your Enterprise instance over the SCIM protocol. This provides a connection for Azure or Okta to manage users and groups within your organization.
SCIM Setup within Lightdash
Sign into your Lightdash instance, click your initials at the top-right, and select User Settings.
In the sidebar, select SCIM Access Tokens.
Click Generate new token.
- Give it a name and an optional expiration date.
Once the token is generated, copy it and save it in a safe place, as it cannot be viewed again once the modal is closed.
Note: Your SCIM URL is now also shown at the top of the page. You will need this when connecting an external SCIM service, such as Okta or Azure.
Okta Integration
You'll need administrative permissions to configure SCIM for your organization.
Step 1 - Add or Create Application in Okta
You can skip this step if you have Azure SSO already configured. An application will already be present.
Visit your Okta account and sign in.
In the sidebar, click Applications > Browse App Catalog.
Search for "SCIM" and select SCIM 2.0 Test App (Header Auth).
Click + Add Integration.
Give it a friendly name and click Next.
Change Application username format to email.
Save your configuration by clicking Done.
Step 2 - Connect SCIM to Lightdash from Okta
In the sidebar, click Applications > Applications.
Select your application and go to the Provisioning tab.
Select Configure API Integration.
Check the Enable API integration checkbox.
Fill in the following fields:
- Base URL: https://YOUR_APP_URL/api/v1/scim/v2/
- API Token: Bearer YOUR_SCIM_TOKEN (See SCIM Setup within Lightdash above for generating a token)
Save your configuration.
More options should now be available. In Provisioning > To App, select Edit.
- Enable Create Users.
- Enable Update User Attributes.
- Enable Deactivate Users.
- Click Save.
Test the integration by clicking Assignments. Select Assign > Assign to people. Choose a user and click Assign > Save and Go Back. This user should be created in your Lightdash instance.
Lightdash will sync the active status from Okta to Lightdash. For example, if a user is provisioned as inactive or is deactivated in Okta, that user will still exist in Lightdash marked as inactive, meaning they will be unable to use the platform.
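A preflight check for the Base URL and API Token values entered in Step 2, as an added example that is not part of the Lightdash documentation or code. It assumes the standard SCIM 2.0 `/Users` resource and `count` parameter (RFC 7644) for the read-only probe; the host name and token in it are constructed samples.

```python
"""Preflight for the Okta "Base URL" and "API Token" fields (added example)."""
import urllib.request
from urllib.parse import urlsplit

SCIM_PATH = "/api/v1/scim/v2/"  # path suffix shown in this guide


def check_fields(base_url: str, api_token: str) -> list:
    """Return a list of problems; an empty list means the values look usable."""
    problems = []
    url = urlsplit(base_url)
    if url.scheme != "https":
        problems.append("Base URL must use https: the token travels in a header")
    if not url.hostname or "YOUR_APP_URL" in base_url:
        problems.append("Base URL still contains a placeholder or has no host")
    if url.path != SCIM_PATH:
        problems.append(f"Base URL path must be exactly {SCIM_PATH}")
    if url.query or url.fragment or url.username:
        problems.append("Base URL must not carry credentials, query or fragment")
    scheme, _, secret = api_token.partition(" ")
    if scheme != "Bearer":
        problems.append("API Token must start with 'Bearer ' (header auth app)")
    if not secret or secret != secret.strip() or " " in secret:
        problems.append("API Token secret is empty or contains whitespace")
    if "YOUR_SCIM_TOKEN" in api_token:
        problems.append("API Token still contains a placeholder")
    return problems


def build_probe(base_url: str, api_token: str) -> urllib.request.Request:
    """Build (not send) a read-only SCIM request that lists at most one user."""
    problems = check_fields(base_url, api_token)
    if problems:
        raise ValueError("; ".join(problems))
    # /Users and count are standard SCIM 2.0 (RFC 7644); that the Lightdash
    # endpoint answers this query is an assumption of this example.
    return urllib.request.Request(
        base_url + "Users?count=1",
        headers={"Authorization": api_token, "Accept": "application/scim+json"},
        method="GET",
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    good = ("https://lightdash.example.com/api/v1/scim/v2/", "Bearer sample-token")
    bad = ("http://lightdash.example.com/api/v1/scim/v2", "sample-token")
    for url, token in (good, bad):
        print(url, "->", check_fields(url, token) or "ok")
```

Pass the request from `build_probe` to `urllib.request.urlopen` to send it; a 401 response points at the token, a 404 at the Base URL.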
Azure Integration
You'll need Hybrid identity administrator permissions to configure SCIM for your organization.
Step 1 - Connect SCIM to Lightdash from Azure
Visit Entra ID and sign in.
In the sidebar, click Applications > Enterprise applications.
Select + New Registration.
At the top of the page, select + Create Your own application.
- Add a friendly title.
- Leave the default "Non-gallery" option selected.
- Click Test Connection to verify the credentials are correct.
Save your configuration by clicking Create.
Step 2 - Connect SCIM to Lightdash from Azure
Navigate to Applications > Enterprise applications and select your application.
Select Users and groups > + Add user/group.
Click None selected, which will open a modal.
- Select any users and groups you want to provision and then close the modal with Select.
Click Assign to save.
Select Provision > Start provisioning.
After a few minutes, your users and groups will be synced.
Lightdash will sync the active status from Azure to Lightdash. For example, if a user is provisioned as inactive or is deactivated in Azure, that user will still exist in Lightdash marked as inactive, meaning they will be unable to use the platform.