Brex Empower Platform

How do I connect my Okta SCIM to Brex?

A System for Cross-domain Identity Management (SCIM) integration helps you automate user access for your company’s Brex account. It can be used to invite (“provision”) Brex user accounts for your employees whenever they’re added to your Okta instance, or to disable users when they are removed from your Okta instance.

You can connect an Okta SCIM account with your Brex account by following these steps:

Note: Steps 1 and 2 are optional. If you’d prefer not to set up Okta SAML SSO, skip to Step 3. If you wish to configure both Okta SSO and SCIM, make sure you complete the steps in the following order.

Step 1: Set up the Okta SAML SSO for your account by reaching out to Brex Support with the following information:

  • Your business name

  • Your email address (or the email address of the individual from your team that will be working on the SAML SSO setup).

  • A test user to be used for SAML SSO setup.

  • A list of email domains that should be supported for SSO & SCIM.

  • Whether or not you have HRIS enabled already.

  • Whether or not you want users to be sent an invitation email automatically after being added to SCIM.

    • If so, whether you want these users invited as the employee role type or the reimbursements-only role type.

Step 2: Wait 3-5 business days for a response email from our team with instructions on how to create the SAML SSO application in Okta. Once it is successfully set up, our team will test and enable SAML SSO for your account.

Step 3: Go to the Applications page in your Okta admin dashboard.

Step 4: Click Browse App Catalog to create a new SCIM application.

Step 5: Search for SCIM and choose the SCIM 2.0 Test App with basic authentication.

Step 6: Click Add Integration.

Step 7: Enter a name for your application, check the box to hide the application from users, and click Next.

Step 8: If it is not already set, set Application username format to Okta username. Leave everything else as the default and click Done to create the application.

Step 9: Go to the Provisioning tab and click Configure API Integration.

Step 10: Enter your SCIM API credentials (these will be sent to you via a secure document from our team) and click Test API Credentials to confirm the settings are correct.

Step 11: Go to the To App tab and click the checkbox to enable Create Users, Update User Attributes, and Deactivate Users. You can also verify mapping in the attribute mapping section below. The defaults we expect for mappings can be found in the screenshot at the bottom of the page.

Attributes map to Brex as follows:

  • Department: This maps to the department attribute in Brex.

  • Cost Center: This maps to the cost center attribute in Brex.

  • Division: This attribute maps to the legal entity in Brex. NOTE: Currently, legal entities are expected to already exist in Brex before employees can be mapped to them. To create legal entities, please go to the Brex dashboard.

  • Manager value: This attribute maps to the manager email in Brex. For manager import, make sure to map the manager’s email to the managerValue. More often than not, this will be the “user.managerId” in Okta. If it isn't, map the correct attribute here.

  • Country: This attribute currently maps to the Location attribute in Brex. Okta supports this as a two-character country code.

You’ve now integrated Okta SCIM with your Brex account. You can test your setup by assigning the SCIM app to an Okta user to verify the user is provisioned in the Teams page of your Brex dashboard.
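To sanity-check the attribute mappings listed above before assigning the app to real users, the following added example (not Brex or Okta code) inspects one SCIM 2.0 User resource for the mistakes this page warns about. It assumes Okta sends these attributes in the standard RFC 7643 locations (enterprise extension for department, cost center, division and manager; `addresses[].country` for country) and that the Okta username is an email address; `check_scim_user` and the sample payload are hypothetical names and constructed data.

```python
import re

# SCIM 2.0 enterprise extension schema URN (RFC 7643).
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def check_scim_user(user, allowed_domains, legal_entities):
    """Return a list of mapping problems found in one SCIM User resource."""
    problems = []
    allowed = {d.lower() for d in allowed_domains}
    ent = user.get(ENTERPRISE) or {}
    # Assumption: the Okta username (Step 8) is an email in a supported domain.
    m = EMAIL_RE.match(user.get("userName", ""))
    if not m:
        problems.append("userName is not an email address")
    elif m.group(1).lower() not in allowed:
        problems.append(f"userName domain {m.group(1)} is not supported")
    # Manager value must be the manager's email, not an opaque Okta ID.
    manager = (ent.get("manager") or {}).get("value")
    if manager and not EMAIL_RE.match(manager):
        problems.append(f"manager value {manager!r} is not an email address")
    # Division maps to a legal entity, which must already exist.
    division = ent.get("division")
    if division and division not in legal_entities:
        problems.append(f"division {division!r} has no existing legal entity")
    # Country is sent as a two-character code.
    for addr in user.get("addresses") or []:
        country = addr.get("country")
        if country and not re.fullmatch(r"[A-Za-z]{2}", country):
            problems.append(f"country {country!r} is not a two-character code")
    return problems


# Constructed sample payload (not real data): three mapping mistakes.
SAMPLE_USER = {
    "userName": "dana@example.com",
    ENTERPRISE: {
        "department": "Finance",
        "costCenter": "CC-100",
        "division": "Example GmbH",
        "manager": {"value": "00u1abcd2EFGH3ijkl4"},
    },
    "addresses": [{"type": "work", "country": "Germany"}],
}

if __name__ == "__main__":
    for p in check_scim_user(SAMPLE_USER, ["example.com"], {"Example Inc"}):
        print("WARN:", p)
```

The supported-domain list and the set of legal entity names are inputs you supply from your own SSO/SCIM setup request and Brex dashboard.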

