Okta User Provisioning (SCIM)

Last updated: February 9, 2026

Okta's SCIM (System for Cross-domain Identity Management) integration allows you to automate user provisioning and deactivation for ModernLoop. With SCIM, you can easily manage user roles and attributes, ensuring streamlined operations and enhanced security.

This article provides a step-by-step guide to enabling SCIM provisioning with ModernLoop's Okta integration.

View our integration on Okta here.

Pricing

SCIM provisioning is an optional, paid add-on service. If you are interested in using SCIM with ModernLoop, contact your Account Executive or Customer Success Manager for more details.

Supported Feature: SCIM

The Okta/ModernLoop SCIM integration provides the following capabilities:

  • Create users

  • Update user attributes

  • Deactivate users

Note: Okta cannot update user attributes for Admin users due to an API limitation.

Required Attributes

To enable SCIM, the following attributes are mandatory:

Attribute Name

Value

email

user.email

firstName

user.firstName

lastName

user.lastName

SCIM Attribute Mapping

ModernLoop maps SCIM attributes passed by your identity provider (e.g., Okta) to the ModernLoop SCIMUser object. Below is a breakdown of attributes and how they are mapped:

SCIM Attribute

Description

userName

Directly mapped to the userName property from SCIM.

name

Directly mapped to the name property from SCIM.

familyName

User's last name (e.g., “Jensen” in “Barbara Jane Jensen”).

givenName

User's first name (e.g., “Barbara” in “Barbara Jane Jensen”).

emails

Mapped directly to the SCIM emails multi-valued property.

displayName

Mapped to the displayName property from SCIM.

locale

User's locale (e.g., en-US), directly mapped from SCIM.

active

Indicates if the user is active or inactive (true/false). Mapped directly to SCIM.

modernloopRole

custom property used to map ModernLoop roles. Supports the following roles:
INTERVIEWER
SCHEDULER
ADMIN

The attribute modernloopRole is automatically created when enabling SCIM.
If you would like to manage attributes via group assignments, you must delete this default modernloopRole value a create a new value.

Steps to Enable SCIM

  1. Navigate to the Provisioning tab in Okta.

  1. Select Configure API Integration.

    image.png

  1. Enter the SCIM API Token provided by ModernLoop (Organization settings → Secrets → SCIM token) in the API Token field.

    image 1.png

  1. Click Test API Credentials to verify the integration.

    image 2.png

  1. Click Save.

Finalize the setup by testing the connector configuration and saving your changes. This process will enable user provisioning on ModernLoop via Okta.

Managing ModernLoop User Roles

After users are provisioned via SCIM, their roles can also be changed directly within ModernLoop without needing to update Okta settings. When SCIM is managing user roles, you can control whether in‑platform role editing is enabled by navigating to Organization Settings → Members, where you’ll find a setting to enable or disable role editing within ModernLoop.

When this setting is enabled, administrators can adjust any user’s role directly from the Members page, providing a quick way to correct role assignments or update access levels without going through the SCIM provisioning process again. When disabled, roles must be managed through Okta instead.

This self‑service option is particularly useful when users are initially provisioned with the wrong role or when role changes are needed quickly without waiting for SCIM synchronization.

ModernLoop supports three user access roles: ADMIN, SCHEDULER, and INTERVIEWER.

  • ADMIN: Grants full administrative access to ModernLoop.

  • SCHEDULER: Provides limited access for scheduling-related tasks.

  • INTERVIEWER: Grants access to the Interviewer Portal.

Note: If no role is specified, the default role will be set to INTERVIEWER.

To control roles via Okta, add the custom attribute modernloopRole with the following configuration:

  • External name: modernloopRole or modernloop_role

  • External namespace: urn:scim:schemas:extension:modernloop:1.0:Profile

  • Attribute values:

    • ADMIN for admins

    • SCHEDULER for schedulers

    • INTERVIEWER for interviewers

If you would like to control Role at the Group level this is how you would set it up in Okta:

CleanShot_2025-01-28_at_14.31.482x.png

Troubleshooting

  • SCIM not working: Verify that the SCIM API Token provided by your CSM or Account Executive is correctly entered in Okta.

  • You cannot delete the default attribute and immediately create a new one with the same name. This will result in the following error:
    “You cannot add the attribute with the variable name ‘modernloopRole’ because the deletion process for an attribute with the same variable name is incomplete. Wait until the data cleanup process finishes and then try again.”
    If this occurs, you must wait for the cleanup process to complete.

  • If you need to recreate the attribute please set these values:

    Data type

    string

    Display name

    ModernLoop Role

    Variable name

    modernloopRole (or whatever you want)

    External name

    modernloopRole

    External namespace

    urn:ietf:params:scim:schemas:extension:2.0:User

    (Note we’ve been getting reports of this failing, we recommend leaving namespace blank for the time being.)

    Enum

    Checked

    Attribute Members

    Admin → ADMIN
    Scheduler → SCHEDULER
    Interviewer → INTERVIEWER

    Attribute type

    Personal OR Group*

    * This depends on you and how you want to assign this role

  • For further assistance, contact ModernLoop support at support@modernloop.io.

Next Steps

  1. Test the SCIM configuration by provisioning a test user.

  1. Verify attributes are correctly mapped in ModernLoop.

  1. Deactivate a user to confirm proper deprovisioning.

  1. If you would like to complete a SCIM property sync, follow the instructions outlined in📄 Okta SCIM Property Sync