This page shows how to configure User & Group Sync for Okta.


Video Guide



Quickstart guide


On Okta side:

  1. Log in to your Okta organization as a user with administrator privileges
    Any type of administrator role is fine. If you limit this administrator role to manage only specific groups, only users in those groups are synced. 
    API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions will also change.

  2. when in normal mode, click on the API tab at the top and then on Tokens
    1. in the developer console mode/ classic view, expand Security in the left menu bar, click on API, and then on the Token tab in the top middle
  3. Click on Create Token.
  4. Name your token and click on Create token.
  5. Copy your Token Value, you will only see it once.

User & Group Sync Configuration (https://your-base-url/plugins/servlet/samlsso/usersync)

  1. Click on Create Connector and select Okta
  2. Enter Okta Domain and the token value.
  3. Click Save. You are now ready to sync.


User guide


Log in to your Okta organization as a user with administrator privileges
Any type of administrator role is fine. If you limit this administrator role to manage only specific groups, only users in those groups are synced. 
API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions will also change.


Depending on the mode, the configuration interface looks different in Okta:

Create Okta API Token

Regular UI

  • Click on API (2)
  • Click on Tokens (3)
  • Click on Create Token (4)



Developer Console/ Classic UI

  • Expand the Security node (1)
  • Click on API (2)
  • Click on Tokens (3)
  • Click on Create Token (4)


Name and Create Token

  • Name the token and create it

  • copy its value (1), it will be only displayed once. Of course, you can create a new token if you lost the old one


Create User & Group Sync Connector For Okta

Now it is time to configure User & Group Sync in your Atlassian product. Click on Create Connector and select Okta:


Set a Name, insert your Okta Domain without protocol (HTTPS://), and paste the token value to the API Token field. By clicking Save and Test Connection, you can make sure that User Sync is able to reach all the needed endpoints before continuing with the setup.


To take full advantage of User Sync, click on the Sync Settings tab and Enable Scheduled Synchronization.
You can control the sync interval with the modal but also by editing the Cron expression.

Do not forget to save your configuration. Scroll down to the bottom of the page and press Save or Save and Return.


You are now ready to commence either a simulated or a full sync. By simulating the sync first you will be able to verify your configuration and see what changes User Sync would apply like what users will be added, modified, or not modified. With the full sync, User Sync will apply those changes. Both sync actions will run a full sync and will have the same sync duration. For more information on the sync simulation please refer to Using the Simulated Sync Feature.




Please read here, if you already have users in your system which you want to migrate, without losing their history. Don't hesitate to reach out to https://www.resolution.de/go/support, if you need any help with achieving this. 


Additional Resources: