> ## Documentation Index
> Fetch the complete documentation index at: https://forest-chore-open-api.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Manual SCIM Integration with Okta

> Manually configure Okta's SCIM provisioning with Forest using the SCIMForest 2.0 Test App

<Warning>
  Enabling SCIM disables Forest user editing. All user management must be done through Okta.
</Warning>

## Supported Features

The manual Okta SCIM integration enables:

* User provisioning from Okta to Forest
* Updating user role, permission level, and tags
* User deletion when removed from the Okta app
* Team assignment via groups

## Setup Steps

### 1. Add Forest App

Navigate to Applications > Browse App Catalog, then select "SCIMForest 2.0 Test App (Header Auth)". Name the application, keeping in mind each app links to one Forest project.

### 2. Authentication

Generate a provisioning token in Forest project settings. In Okta's Integration tab, enter the token prefixed with "Bearer" (format: "Bearer \[token]").

### 3. Configuration

Keep "Sync Password" disabled as it's unsupported.

### 4. Custom Parameters

Four parameters require configuration:

* `permissionLevel`: Admin, Developer, Editor, or User
* `teams`: comma-separated team names (e.g., "Operators,Support")
* `role`: must match existing project roles
* `tags`: optional key/value pairs separated by semicolons

### 5. Attribute Setup

In Profile Editor, set external namespace to `urn:ietf:params:scim:schemas:extension:forest:2.0:User`

### 6. Mapping Rules

Create rules directing Okta to Forest for automatic `role`, `permissionLevel`, and `tags` assignment.

### 7. Group Management

Configure Directory groups for team mapping, then use "Push Groups" to link Okta groups with Forest teams. Optional: disable automatic team renaming in app settings.
