SCIM provisioning with Groups in Okta

Groups offer an easier way to manage provisioning and deprovisioning in Okta. This guide will run you through the step-by-step set up for creating Okta groups for the editor and viewer roles in Whimsical.

Need to set up SCIM provisioning with Okta? Check out this article first. 

1. Go to the Okta Directory > Groups and set up groups for Whimsical editors and viewers by using the Add group button. You can also use existing groups that you might have, for example “Contractors” and “Employees”.


Note: We currently only support group configurations for editor and viewer roles in Whimsical. There is no support for setting the admin role via SCIM, you need to do this manually in Whimsical.

2. Go to your Applications page and open the Whimsical app.

3. Once the Whimsical app is open, click on the Assignments tab. Then select the Assign button > Assign to Groups.

4. You can find the Whimsical groups you set up in Step 1 here. Click the Assign option for a group.

5. For the Whimsical editor group, select Workspace Editor = true, and for the Whimsical viewer group, select Workspace Editor = false.



Note: If you select “undefined” it will fall back to the default SAML role on provisioning or the role that is set through the Whimsical app interface.

This will take effect from when a user first logs in with SAML and the SCIM editor is set to undefined. Then the role can be changed using the Members page in workspace settings.

6. Once completed, your groups will show as Assigned.

The priority order showing on the Groups tab defines which role a user should have if they end up in both groups.

7. At this point, if you haven’t already added users to your groups, you can do this now. Users can be added to groups either before or after groups are assigned to Whimsical.

For example you may already have groups by company roles in place, like “Product”, “Operations”, “Engineering”. You could assign editor access to the existing to “Product” and “Engineering” groups, but viewer access to the “Operations” group.


Note: You do not need to assign any attribute mappings to the editor group attribute under the Provisioning tab. It is mapped through Group assignments. You can leave this blank, showing “Not mapped”.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.