> ## Documentation Index > Fetch the complete documentation index at: https://docs.omni.co/llms.txt > Use this file to discover all available pages before exploring further. ## Submitting Feedback If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback: POST https://docs.omni.co/feedback ```json { "path": "/administration/authentication/okta/index", "feedback": "Description of the issue" } ``` Only submit feedback when you have something specific and actionable to report. # Okta authentication > Connect Omni to Okta for secure SAML single sign-on and automated user provisioning. You can connect Omni to Okta to manage authentication and user access through your organization’s existing identity provider. Okta supports **SAML** for single sign-on and **SCIM** for automated user provisioning. You can also sync additional **user attributes** like name, title, or department to keep Omni profiles up to date. ## Integration overview Connecting Okta to Omni allows you to: 1. **Authenticate users** through Okta using SAML. 2. **Control when and how users are provisioned** in Omni. 3. **Sync user profile data** such as display name and department through attribute mappings. ### Supported features Omni supports the following Okta provisioning features: * **Push users** - Users in Okta that are assigned to the Omni application in Okta are automatically added as users in Omni. * **Update user attributes** - When user attributes are updated in Okta, they will be updated in Omni. * **Remove/deactivate users** - When users are removed or deactivated in Okta, their membership to your Omni organization will be revoked. * **Reactivate users** - Reactivating a user will create a new user in Omni with a new external ID. * **Push groups** - Groups and their members in Okta can be pushed to Omni as Omni groups and group members. ### User provisioning options Omni supports two approaches for provisioning users: | Option | How it works | When to use | | ---------------------------- | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | | **SCIM provisioning** | Users are created in Omni when assigned to the Omni app in Okta. | You want users provisioned immediately upon assignment, regardless of whether they've logged in. | | **First-login provisioning** | Users are created in Omni only when they first log in via SAML. | You want to control seat usage by provisioning users only when they actually access Omni. | You can use first-login provisioning with or without SCIM. Refer to the [SAML setup guide](/administration/authentication/okta/saml) for more details. ### Limitations Omni does not currently support the following Okta provisioning features: * Sync password * Enhanced group push Additionally, note that user sessions will expire after 24 hours. This is not currently configurable. ## Getting started Follow these steps to get set up. You can complete SAML only, or add SCIM and attribute sync for a fully automated experience. | Step | Description | Link | | ---- | ------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------ | | 1 | **Set up SAML SSO** to let users sign in to Omni with their Okta credentials. | [SAML setup →](/administration/authentication/okta/saml) | | 2 | **Enable SCIM provisioning** to automatically create, update, and deactivate users in Omni. | [SCIM setup →](/administration/authentication/okta/scim) | | 3 | **Sync user attributes** like name, title, and department between Okta and Omni. | [Sync attributes →](/administration/authentication/okta/user-attributes) | ## Notes and troubleshooting * **Admin access required:** You’ll need Okta admin permissions to configure SAML and SCIM. * **Test before rollout:** Try SSO with a test user before enabling it organization-wide. * **Sync frequency:** SCIM updates usually occur within a few minutes of changes in Okta. If you run into issues, check your Okta app configuration or see [Omni's troubleshooting SSO guide](/administration/authentication/troubleshooting). ## Related * [Omni SAML configuration overview](/administration/authentication) * [Managing users and groups in Omni](/administration/users) * [Okta documentation](https://\[idp-docs-link]/)