This article provides the steps required to configure SCIM Provisioning using Intercom’s Okta app.
Supported Features
Import users
Users already present in Okta will be created in Intercom.
Sync password
Users' passwords can be synced from Okta to Intercom.
Push New Users
New users created through Okta will also be created in Intercom.
Push Profile Updates
Updates made to the user's profile through Okta will be pushed to Intercom.
Push User Deactivation
Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Intercom.
Reactivate Users
User accounts can be reactivated in the application.
Important notes💡
Teammates in Intercom today can be one of two states; active or deleted. Intercom does not support any soft-deleted/de-activated/archived state for teammates.
Where a teammate is not active in your identity provider, this teammate's account will be deleted from the Intercom workspace.
Intercom considers email addresses as case insensitive.
SCIM Provisioning is only available with certain Intercom plans. See our plans and pricing here.
Requirements
In Okta, please ensure your password policy requires at least 10 characters. To change this, please visit the Authentication section within Security settings.
In Intercom, Before you configure SCIM provisioning, you must first configure SAML SSO.
Then, you must follow the setup steps below. The following items will be provided by Intercom in your security settings:
SCIM 2.0 Base URL
API Token
Installing the Okta App
In Okta,
Open Applications
Select Browse App Catalog
SCIM Configuration Steps
In Okta,
On the Provisioning tab:
1. Check the Enable provisioning features box
2. Click on Configure API Integration
3. In Intercom, follow the configuration steps outlined here in your Intercom workspace here.
4. In Okta,
Check Enable API integration,
Enter the Base URL and API Token provided from the Intercom workspace,
Click Test API Credentials.
5. A success message should appear.
6. Click Save
7. Select To App in the left panel then click Edit
8. Enable Create users
9. Enable Update User Attributes
10. Enable Deactivate Users
11. Enable Sync Password (optional)
12. Click Save
Note: You must select Email for the Application username format on the Sign On application tab in Okta because the SCIM userName attribute value for this app follows an email address format.
Select users to be provisioned in Intercom
The Assignments tab will let you provision your Okta users to Intercom. The Assignments tab will not send any group to Intercom. It will only provision users inside groups.
Troubleshooting
Please start a conversation in the messenger or email team@intercom.com if you encounter any issues.
Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts