Connect Okta to AI Vitals via SCIM
This guide walks your IT admin through connecting Okta to AI Vitals so that employees are automatically added and removed from the platform when their Okta account is activated or deactivated. No manual invite emails needed.
Before you start — what you'll need
- ✓A SCIM token and SCIM Base URL — provided by your AI Vitals account manager or platform admin
- ✓Okta admin access (Super Administrator or Application Administrator role)
- ✓The AI Vitals application already created in Okta (or you will create it during this guide)
Sign in to Okta as an administrator
Go to your-company.okta.com and sign in with your administrator account. You need to be a Super Administrator or Application Administratorto complete this setup.
Open your AI Vitals application in Okta
In the left sidebar, click Applications, then click Applicationsagain in the submenu that appears.
Find and click on the AI Vitalsapplication in your list. If you haven't added it yet, click Browse App Catalog, search for “AI Vitals”, and add it first.
Open the Provisioning tab
At the top of the AI Vitals application page, click the Provisioning tab.
Click the Configure API Integration button.
Enable and configure the API integration
Check the box labelled Enable API Integration.
Fill in the two fields using the values your AI Vitals admin provided:
Base URL
https://your-domain.aivitals.io/api/scim/v2API Token
(paste the token your AI Vitals admin gave you)Click Test API Credentials. You should see a green message saying the credentials are verified.
Click Save.
Turn on automatic provisioning
You're now back on the Provisioning tab. Under the To App section, click Edit.
Turn on the following three settings by checking their boxes:
- Create Users — adds new employees to AI Vitals automatically
- Update User Attributes — keeps names and roles in sync
- Deactivate Users — removes access when an employee leaves
Click Save.
Assign people to AI Vitals in Okta
Click the Assignments tab at the top of the application page.
Click Assign → Assign to People or Assign to Groups to choose which employees get access to AI Vitals.
After assigning, Okta will push those users to AI Vitals within a few minutes. They'll receive an invite email to set their password.
Verify the sync worked
In AI Vitals, ask your L&D Admin to go to the Admin Panel → Users tab and confirm the assigned employees appear there.
Back in Okta, you can check the sync log by clicking the Provisioningtab → Push Groups or reviewing the activity feed in the application.
What happens when an employee leaves?
When you deactivate an employee in Okta, their AI Vitals account is automatically deprovisioned — their sessions are revoked and they can no longer sign in. Their assessment history and scores are retained for compliance purposes but they lose all access. You don't need to do anything in AI Vitals separately.
Troubleshooting
Test API Credentials fails with "Unauthorized"
The token was likely not copied correctly. Ask your AI Vitals admin to generate a new token and try again. Tokens can only be viewed once when created.
Users are assigned in Okta but not appearing in AI Vitals
Check that "Create Users" is enabled under Provisioning → To App → Edit. Also check the Okta provisioning log for errors (Provisioning tab → Activity).
I see a 404 error when testing the connection
The Base URL may be incorrect. Confirm the exact URL with your AI Vitals admin — it should end in /api/scim/v2 with no trailing slash.
An employee was deactivated in Okta but still has access in AI Vitals
Confirm "Deactivate Users" is checked under Provisioning → To App. It may have been missed during setup.