Configure SCIM User & Group Sync

Supported Features

If you would like to sync users and groups from Okta to Twingate, you need to set up SCIM. To do this, you must first set up the Twingate application from Okta's Integration Catalog.

The following SCIM provisioning features are supported

  • Create users in Twingate from Okta
  • Update user attributes in Twingate from Okta
  • Deactivate users in Twingate that have been deactivated in Okta or removed from the Okta Twingate app
  • Group push from Okta to Twingate


Okta SCIM-based provisioning is supported for Twingate customers on the Business and Enterprise tiers.

Configuration Steps

1. In your existing Twingate app under the Provisioning tab, click Configure API Integration

2. Copy the SCIM Token from the Admin Console

Note that you don't need to specify the SCIM endpoint in the Twingate Okta app as this was configured when you first installed the application.

3. Enable API Integration and paste in the SCIM Token from Twingate

"Test API Credentials" will succeed if the token is entered correctly.

4. Under the Provisioning tab, enable all 3 options shown below, then click Save

Do not change SCIM Attribute Mappings.

5. Assign the users that should be synced to Twingate under Assignments

Assigning a user group here will only sync the users in the group to Twingate, not the group itself.

6. Assign the groups that should be synced to Twingate under Push Groups

Only users that have already been synced with Twingate will be added to the group membership correctly. To guarantee that all users from the group will sync correctly, you should add the group in both this and the previous step.

Did this page help you?