> ## Documentation Index
> Fetch the complete documentation index at: https://forest-chore-open-api.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# SCIM Integration with Okta

> Automate user management by integrating Okta's SCIM provisioning with Forest

<Info>
  You need administrator access to the Forest project.
</Info>

## Supported Features

The Okta SCIM integration enables:

* User provisioning from Okta to Forest
* Updating user roles, permission levels, and tags
* Deleting users when removed from the Forest app in Okta
* SCIM Groups for team assignment
* Read-only `userName` (email format) and name fields post-creation

## Setup Process

### Step 1: Add Forest App

Navigate to Okta Applications tab, browse the app catalog, and select Forest. Assign a descriptive label.

### Step 2: Authenticate Okta

Enable the User provisioning feature in Forest project settings. This generates an API token to paste into Okta's Integration tab.

### Step 3: Configure Mapping Rules

Create rules for mandatory fields: `teams`, `role`, `permissionLevel`, and optional `tags`. Values must match existing Forest configurations. Ensure mapping direction flows from Okta to Forest.

**Required Parameters:**

* `permissionLevel`: Must be `admin`, `editor`, `user`, or `developer`
* `role`: Must match existing Forest roles
* `teams`: Team names for user assignment
* `tags`: Optional key/value pairs for user tagging

### Step 4: Manage Groups

In Okta's Directory section, create groups matching Forest teams. Use the "Push groups" tab to link Okta groups with Forest teams. Optionally disable group renaming to prevent Okta from overwriting team names.

<Warning>
  Removing a group in Okta that was created from, or linked to, a Forest team will **delete** that Forest team.
</Warning>

<Warning>
  When you link an Okta group to a Forest team, the team is renamed to match the group name, unless you disable that option.
</Warning>

## Custom Attributes

Add custom user attributes via Directory > Profile Editor for enhanced mapping flexibility.

## Troubleshooting

* Verify `permissionLevel` values: admin, editor, user, or developer
* Confirm `role` matches existing Forest roles
* Allow time for synchronization
* Note that team updates may trigger back-end restarts
