Explore documentation
  1. Welcome to Uptime 👋
  2. Frequently Asked Questions
  3. Monitoring
    1. Get started
    2. Working with monitors
    3. Customizing monitors
    4. Monitor types
  4. On-call scheduling and alerting
    1. Get started
    2. Sending alerts to Slack ↗
    3. Connecting external calendars
    4. Advanced guide
  5. Incidents
    1. Get started
    2. Advanced guide
  6. Status pages
    1. Get started
    2. Advanced guide
  7. Integrations
    1. Integrating with Better Stack
      1. Slack
      2. Microsoft Teams
      3. iOS & Android mobile apps
      4. iOS & Android phone call alerts
      5. On-call routing number
      6. Datadog
      7. New Relic
      8. Prometheus
      9. Zabbix
      10. Intercom
      11. AWS CloudWatch
      12. Google Cloud
      13. Webhooks
      14. Okta SSO
        1. Overview
        2. SAML setup instructions
        3. SCIM setup instructions
        4. Dynamic RBAC Assignments
      15. Azure SSO
      16. Jira
      17. Zapier
      18. Terraform
  8. Team and account management
    1. Team management
    2. Account settings
    3. Audit logs
    4. Migrating to pay as you go
  9. Uptime API
    1. Get an API token
    2. Monitors
    3. Heartbeats
    4. On-call & incidents
    5. Status pages
    6. Metadata
    7. Integrations

Dynamic RBAC Assignments

Prerequisites

Before proceeding, complete the initial setup for SSO and SCIM provisioning as outlined in Okta SSO & SCIM provisioning.

Configuring Okta groups for Better Stack roles

Create Okta groups that match the Better Stack roles. Users in these Okta groups will automatically receive corresponding roles in Better Stack when provisioned via SCIM.

Supported roles in Better Stack

  • Admin
  • Billing admin
  • Team lead
  • Responder
  • Member

Find a full overview of permissions per role in Roles & Permission settings.

Steps in Okta administration

  1. For each role in Better Stack, ensure there is a corresponding group in Okta with the exact same name. For example, to create users with Admin access, name the group Admin.
  2. Place users into the appropriate Okta groups based on their intended roles in Better Stack.
  3. Once users are added to the group, go to Applications -> Better Stack -> Assignments -> Assign -> Assign to Groups -> Find created group & Assign.
  4. In the Better Stack app, go to Push Groups -> + Push Groups -> Find groups by name -> Select group -> Save.

That’s it! You should now see the newly created group in Better Stack Teams, along with all assigned members.

Renaming groups in Okta

Once users are assigned, you can rename the group in Okta without affecting assigned roles.

Advanced setup: Attribute-based role assignment

For organizations needing more flexibility, attributes can be used for role assignment for each user specifically.

Configuring attribute-based role assignment in Okta

  1. Go to Applications -> Better Stack -> Provisioning -> To app -> Better Stack attribute mappings.
  2. Open Profile editor -> + Add attribute.
  3. Fill in the following required values (these must be set for proper integration with Better Stack):
    • External name: roleName
    • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
  4. The remaining fields depend on your organization's internal conventions and may differ. Adjust them as needed:
    • Display name: Better Stack Role
    • Variable name: roleName | better_stack_role_name
    • Description: Better Stack assigned user role
    • Enum: Define enumerated values to match your organization's role structure.

Ensure attribute members correspond with the roles your organization uses as defined in Roles & Permissions.

Mapping attributes to user profiles

  1. Stay in the Profile editor and navigate to Mappings.
  2. Scroll to roleName and set Choose an attribute or enter an expression to appuser.roleName.
  3. Click Save mappings.

Assigning role to a user

  1. Go to Applications -> Better Stack -> Assignments.
  2. Select a user to edit.
  3. Edit the Better Stack Role.

Previous article

Okta SCIM setup instructions

Next article

Microsoft Azure / Entra ID SSO & SCIM provisioning