# Okta Integration

Use the following guide to set up your Okta integration. *Note this is only available for certain plans. Contact your Affinity account manager to learn more.*

{% file src="/files/YKYb9c2s0ppijKSLvb6D" %}
Download the file to setup Okta
{% endfile %}

### Additional Notes for a Successful Setup

After you have finished the steps for OIDC and SCIM from the Okta Setup PDF, you may want to double check some of your data. Below, we'll outline specific things you should look out for.

#### Double Check Standard Field Values

With SCIM enabled, you will need to make sure that the following fields are set properly and we are receiving them from your Okta instance:

* title
* department
* manager.value
  * This should be the email address of the persons manager (if they have a manager).
* displayName
* address.primary.region
  * This maps to the state/region in Affinity. This need not be a US state, but any geographic designation.

These are default fields that Okta generally sends for any application that is configured. You will know if you are sending these from your Okta instance correctly if the learner's name, department, state, title, and managers are showing up accurately in Affinity (*reminder: if you don't see the change immediately, wait a few minutes for the updates to process*).

#### Double Check Custom Field Values

Additionally, you will need to configure mapping for the following fields. This guide is a reference: [Custom Okta Fields](/product-guides/authenticating/okta-integration/custom-okta-fields.md)<br>

Above we mentioned the standard field values which come from Okta, but you have the ability to configure custom field values as well, such as:

* startDate
* anniversaryDate

We strongly encourage you to configure the `startDate`as it is instrumental to many of our workflows. If you do not configure this value, it will default to the current date that a learner was imported into Affinity.

#### Custom Field Value Mapping via Okta

Within Okta, you have the ability to perform custom transformations of fields. For example, you might be storing the "Division" in Okta and the "Work Location" in Okta and you want your learners to have a "Department" in Affinity of "Division - Work Location", such as "Customer Service - Philippines".  To enable this, you can create a **custom mapping expression** to transform and pass attributes to a specific application using **App User Profile Mappings**.

You will need these custom field mappings to be assigned to one of the standard fields, such as department, which we referenced above.

#### Custom Field Value Mapping in Affinity

Affinity can also support custom field mappings from your Okta on the Affinity side. You would create custom fields using the [Custom Okta Fields](/product-guides/authenticating/okta-integration/custom-okta-fields.md)guide and inform us of the mapping which you want, such as "Department = user.division - user.workLocation". Then we would configure the mapping on our end.  The downside to this method is if you ever want to change the mapping, you must rely on Affinity to perform the change, versus your own IT team.

### Testing before Going Live

For adding new users, we recommend going slowly with testing this on your end with 2-4 users. Once you set up SCIM, it usually takes about 5-10 minutes from adding a user in your Okta portal to hit our system after all the webhooks from Okta get fired to Auth0 get fired to us. After you add the first few users, verify the fields have come in correctly. Once you feel confident, you can add the rest of the learners.

If you have doubts or questions about field mappings, please contact <support@itsaffinity.com> or your Affinity account manager and we can help you figure out the right way to utilize the Okta setup.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.itsaffinity.com/product-guides/authenticating/okta-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.