Okta SCIM Configuration Guide

Configure user provisioning with Okta

If your organization uses Okta to manage your employees’ access to tools and services, you can take advantage of Okta’s “Provisioning” feature to automatically grant your users access to RubiconMD. 

The integration between Okta and RubiconMD that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). To learn more about how Okta works with SCIM, please see this article.

The remainder of this guide is focused on enabling you to configure RubiconMD for Okta to get provisioning up and running for your organization.

Requirements

1. Let your RubiconMD Account Manager know you would like to enable the Okta SCIM integration for your organization. If you do not have a RubiconMD Account Manager, we’d love to hear from you! Fill out this form. 
2. Get administrative access to the Okta dashboard.

3. Before you configure provisioning for RubiconMD, make sure you have configured the General Settings and any Sign-On Options for the RubiconMD app.

4. If your organization has child organizations configured within RubiconMD, you will need to work with your RubiconMD Account Manager to complete necessary RubiconMD configurations to support provisioning into those child organizations.

Features

The following provisioning features are supported by RubiconMD:

• Create users
  Users in Okta that are assigned to the RubiconMD application in Okta are automatically added as members to your organization in RubiconMD.
• Update user attributes
  User updates in Okta to users assigned to the RubiconMD Application in Okta will have the same updates reflected on the RubiconMD platform.
• Deactivate users
  Users in Okta that are Suspended, Deactivated, or removed from the RubiconMD Application in Okta will be deactivated at RubiconMD and no longer be able to login.
• Import Users
  Import your user accounts from RubiconMD into Okta
• Import Groups
  Import groups is not supported.

Okta Application Configuration 

Before configuring User Provisioning, the RubiconMD app needs to be added into the Applications list in Okta. If it has already been added, Step 1 can be skipped.

Additionally, make sure you have configured the General Settings and any Sign-On Options for the RubiconMD app.

Note: This Configuration Guide is opened from the Provisioning tab. 

Step 1: Add the RubiconMD Okta Application 

1. Click “Applications” > “Applications” > “Browse App Catalog“
   1. If you already have RubiconMD as an application, click on it.
2. Search for “RubiconMD”
3. Click “Add”

4. Click “Done”

   

Step 2: Configure the API integration

1. Click the “Provisioning” tab and click “Configure API Integration“

   

Step 3: Enable the RubiconMD API integration

1. Click the checkbox “Enable API Integration”

2. Click the “Authenticate with RubiconMD” button

   

NOTE:

If there is no activity in a 90 day window, RubiconMD will expire the authentication. Re-authentication will be necessary. See Appendix for steps to re-authenticate.

Step 4: Log into RubiconMD

1. You will be directed to the RubiconMD login screen

2. Input your RubiconMD username and password

   

Step 5: Authorization consent 

1. Click green Authorize button 

   

Step 6: Return to Okta and add provisioning to app 

1. Under the Applications tab, navigate to the RubiconMD application.
2. Click on the Provisioning tab in the application. 
3. Under the Settings panel on the left side, click To App 
4. Click the Edit button at the top right. 
5. Check the Enable box next to 
   1. Create Users 
   2. Update User Attributes
   3. Deactivate Users

Step 7: Configure application user name format

1. Login to Okta admin dashboard 
2. Go to Applications > RubiconMD app  
3. Select the Sign On tab

4. Select Email for the Application username format

   

5. Click “Save”

You should now be able to assign your Okta users to the RubiconMD application as needed.

RubiconMD Integration Steps 

SCIM can be configured to also manage users’ permissions. To configure permissions on the RubiconMD Platform via the SCIM Integration with Okta, the SCIM field userType can be leveraged. See below table for valid user types.

*RMD suggested naming conventions; client can modify Okta Group names
✝If a user type is provided that is not part of this table, a default user type will be used in RubiconMD’s Platform.

Troubleshooting and Tips

• SCIM cannot update user attributes for Okta Admin users. This is an API limitation.
• Reminder: RubiconMD is key-sensitive.
• If you have questions or difficulties with your RubiconMD/Okta integration, please contact RubiconMD support via support@rubiconmd.com.  
• If you are asked to re-authenticate the RubiconMD application, you may have to manually retry any failures via the Tasks dashboard. 
• Although technically configurable, RubiconMD does not support the concurrent use of access groups and the organization field.
• New users will receive a welcome email from RubiconMD once their user is provisioned via SCIM. 

• By default, a configured phone number for a user will opt them into SMS notifications. Mapping and Profile fields for primaryPhone should be removed to prevent automatic opt-in for SMS; only unmapping the field in the Provisioning tab is not enough.

   

Migration Steps (New attributes added) 

RubiconMD has recently been updated to provide a better overall experience to Okta customers. Here is a summary of changes: 

• New attributes and mappings have been added for the organization field. This field can be used within RubiconMD to provision accounts into different sub-organization on the RubiconMD Platform. Talk with your Account Manager to start the mapping and configuration of organizations within RubiconMD.

To take advantage of these updates, and if you already have an existing instance of RubiconMD, please reach out to your RubiconMD Account Manager to be assigned an Integration Resource to assist you with migration. 

Updates made October 2025