This guide shows you how to connect Okta to Dify Enterprise Edition’s SCIM service for automatic member synchronization.

Create and Configure Your Okta Application

1. Log into Okta Admin Console

Go to your Okta admin portal and navigate to ApplicationsCreate App Integration.

2. Create the App Integration

  1. Click Create App Integration

  2. Configure the app:

  • Platform: Web Application
  • Sign-on method: SAML 2.0
  • Click Create
  1. Enable SCIM:
  • In the General tab, find App Settings
  • Click Edit
  • Update the Application label if needed
  • Enable SCIM provisioning
  • Click Save

3. Set Up SCIM Connection

  1. Go to the Provisioning tab
  2. Click Configure API Integration
  3. Check Enable API integration
  4. Enter your SCIM details:
  • SCIM 2.0 base URL: Your SCIM endpoint URL
  • OAuth Bearer Token: Your SCIM authentication token
  • Enable Import User and Import Group based on your needs
  1. Click Test API Credentials
  2. After a successful test, click Save

4. Configure Provisioning Options

  1. In the Provisioning tab, find the “To App” section and click Edit
  2. Enable these features as needed:
  • Create Users: Adds new Dify users when assigned in Okta
  • Update User Attributes: Keeps user info synchronized
  • Deactivate Users: Sets user status to “disabled” in Dify when deactivated in Okta
  1. Click Save

5. Assign Users and Groups

To assign users:

  1. Go to the Assignments tab
  2. Click Assign and choose users or groups to sync with Dify Enterprise
  3. Click Save

To sync groups:

  1. Click Push Groups
  2. Select the groups you want to sync to Dify Enterprise
  3. Click Save

Enable SCIM in Dify

Once Okta is configured:

  1. Go to the Dify admin dashboard
  2. Navigate to Members → click the menu button → Automatic synchronizationEnable

Sync isn’t instant. Okta controls the sync schedule. Check your provisioning logs in Okta for sync history.