Explore documentation
  1. Welcome to Uptime 👋
  2. Frequently Asked Questions
  3. Monitoring
    1. Get started with monitoring
    2. Working with monitors
    3. Customizing monitors
    4. Monitor types
  4. On-call scheduling and alerting
    1. Get started with on-call
    2. Sending alerts to Slack ↗
    3. Connecting external calendars
    4. Advanced on-call setup
  5. Incidents
    1. Working with incidents
    2. Create incidents manually
    3. Post mortems
    4. Incident silencing
    5. Incident metadata
  6. Status pages
    1. Get started with status pages
    2. Working with status pages
  7. Integrations
    1. Integrating with Better Stack
      1. Slack
      2. Microsoft Teams
      3. iOS & Android mobile apps
      4. iOS & Android phone call alerts
      5. On-call routing number
      6. Datadog
      7. New Relic
      8. Prometheus
      9. Zabbix
      10. AWS CloudWatch
      11. Google Cloud
      12. Webhooks
      13. Okta SSO
        1. SCIM Provisioning
        2. Dynamic RBAC Assignments
      14. Jira
      15. Zapier
      16. Terraform
  8. Team and account management
    1. Team management
    2. Account settings
    3. Audit logs
  9. API
    1. Get started with API
  10. Monitors API
    1. Monitors
    2. Monitor groups
    3. Heartbeats
    4. Heartbeat groups
  11. On-call & Incidents API
    1. On-call calendar
    2. Escalation policies
    3. Severities
    4. Incidents
    5. Comments
  12. Integrations API
    1. New Relic Integrations
    2. Datadog Integrations
    3. AWS CloudWatch Integrations
    4. Azure Integrations
    5. Google Monitoring Integrations
    6. Grafana Integrations
    7. Prometheus Integrations
    8. Email integrations
    9. Incoming webhooks
    10. Splunk On-Call integrations
    11. PagerDuty Integrations
  13. Status pages API
    1. Status pages
    2. Status page sections
    3. Status page resources
    4. Status page reports
    5. Status page report updates
  14. Other API
    1. Metadata

Okta SSO & SCIM Provisioning

In this guide, you're going to learn how to connect your Okta organization with Better Stack, steps on enabling single sign-on (SSO) for you and your colleagues, and a short walkthrough on how to turn on the automatic user provisioning and profile syncing via SCIM.

SSO set-up walkthrough

  1. Start the SSO & SCIM set-up by going to your teams. Note that only organization admins have access to these settings.

  2. On the page with the list of your teams, select Configure Single Sign-On.

  3. Select *Okta SSO from the list of SSO providers.

  4. Take note of the value in the Integration identifier field, we're going to need this in a second.

We're going to switch to the Okta dashboard now.

  1. Sign in to your Okta organization.

  2. Select Applications from the left menu.

  3. Click on Browse App Catalog and look for Better Stack.

  4. Click on Add integration, and input the Integration identifier that you copied before.

  5. Make sure to assign your user account to the Better Stack application now - you won't be able to finish the setup otherwise.

  6. After connecting the Better Stack application and assigning your user, switch to the Sign On panel.

  7. Scroll down to SAML Signing Certificates, open the dropdown for the SHA-2 certificate, and open View IdP Metadata.

  8. Copy the link to the metadata to the field you see back in the Better Stack settings. Alternatively, you can also input the Identity Provider Single Sign-On URL and X.509 Certificate manually.

  9. Click on Connect - you will be redirected to the Okta Sign on page. Sign in with the account you assigned to the Better Stack application, please.

Tada! Your Single Sign On is now configured.

User provisioning

We support user provisioning from your Okta account using SCIM.

Supported Features

  • Create users
  • Update user attributes
  • Deactivate users
  • Sync password
  • Group push

Requirements

User Provisioning using SCIM requires a working Single Sign-On setup with Okta.

SCIM Configuration Steps

Setting up SCIM after you finished the SSO walkthrough should be very straightforward. Here are the instruction steps:

  1. In the Better Stack Okta SSO settings, click on the Enable provisioning toggle.

  2. Copy the Bearer token value that appears on the page.

  3. Switch to the Okta dashboard, open the Better Stack application, and switch to the Provisioning tab.

  4. Select Email as the Application username format.

  5. Paste the copied Bearer token to the respective field in the Provisioning tab.

  6. Click on Save.

SCIM user provisioning is turned on, and the setup is now complete. When you want to send your users to Better Stack, simply assign them to the Better Stack application in your Okta organization, and they will sync automatically.

We also support pushing your user groups from Okta - each group will create a new team in Better Stack, along with the assigned Okta users. Note that when you deprovision a Okta Group from the Better Stack Okta application, we delete the Better Stack team as well as any resources. It's important to tread carefully, to make sure you don't lose any configuration or data.

Troubleshooting

When you inactivate or remove a user from the SCIM integration in Okta, we automatically remove them from your Better Stack organization. Note that if the user already belongs to a different organization, their account is not deleted completely - they are only detached from your organization and all the relevant teams. When you re-connect the user via SCIM, they are simply re-added again.

Previous article

Webhooks

Next article

Dynamic RBAC Assignments