You can set up SCIM to automatically create users in Condens once they are added to the application in Okta and set users inactive in Condens once they are removed from the Condens application in Okta.
Before you enable SCIM, it is recommended to select an auto provisioning role in Condens. This is the default role that users get assigned when they are provisioned to Condens.
To enable SCIM in Condens, simply go to Settings > Security & Login, then select SCIM provisioning > Enabled.
In Okta, open the Condens application and click on General. Then click on Edit (next to “App Settings”), check Enable SCIM provisioning, and then click Save.
A Provisioning tab will appear in Okta. Click on it and then click on Edit.
Copy the SCIM base connector URL from Condens and paste it into Okta under the SCIM connector base URL
Next to the Unique identifier field for users enter userName
Check Push New Users and Push Profile Updates
Select HTTP Header as Authentication Mode
Copy the SCIM bearer token from Condens and paste it in Okta next to Bearer
Then click on Save.
In the screen that opens, click on Edit (next to “Provisioning to App”). Then enable Create Users, Update User Attributes, and Deactivate Users. After that click on Save.
Using SCIM with Okta, it's possible to set the role of users directly from Okta.
In Okta, select the Condes SSO App under Directory > Profile Editor.
Click Add Attribute in the Attributes section to add the user roles mapping.
Fill out the form so that it reflects the below settings.
Display name: Condens Role (can be anything)
Variable Name: pick the variable name you want to use
External Name: roles.^[primary==true].value
External Namespace: urn:ietf:params:scim:schemas:core:2.0:User
Enum: Yes
Enter the Condens roles as attribute members. Make sure the value is exactly as below and lower-case.
Display name: Admin, Value: admin
Display name: Contributor, Value: contributor
Display name: Limited Access Contributor, Value: limited_access_contributor
Display name: Full Access Viewer, Value: full_access_viewer
Display name: Viewer, Value: viewer
Display name: Non-Research Admin, Value: admin#nonresearch
In March 2025, Condens changed the names of some roles. For SCIM connections set up before that date, the old Condens role names (researcher, full_access_stakeholder, stakeholder) still work and are mapped to the new names (contributor, full_access_viewer, viewer):
Attribute length: you can leave that empty
Attribute requires: Yes
Attribute type: Select this depending on your setup and preferences
Then click "Save"
Once this is done, you can assign a user role to each user during the application assignment, either directly or via mapping.
It is also possible to assign user groups through SCIM. For that, the "groups" property should be set and the values should match the names of the groups the user should be assigned to.