Skip to main content

Navigation

Catalogue

Security Awareness Privacy & Compliance AI & LLM Security Real-World Incidents
Application Security Soon
API Security Soon
Cloud Security Soon

Features

Human Risk Management Interactive 3D Training SCORM Cloud LMS Human Risk Score Risk-Based Automation Integrations All features

Simulations

Phishing Simulations Smishing Simulations
Vishing Simulations Soon

Company

Partners About Us Blog Data Sheet PDF

Legal

Security & Compliance Privacy Policy Terms of Service
English Українська
Book a Demo
Okta Integration Network

Configure SCIM provisioning with Okta

Let Okta create, update, and deactivate RansomLeak learner accounts automatically. New hires get training access on day one; leavers lose it the moment they are offboarded.

Last updated June 2026

Prerequisites

  • A RansomLeak tenant with admin access
  • The "Manage Integrations" permission
  • Okta super admin or app admin rights

Your tenant is reachable at https://<your-subdomain>.ransomleak.com. Replace <your-subdomain> with your own subdomain throughout this guide. For help during setup, email support@ransomleak.com.

RansomLeak is published in the Okta Integration Network. In Okta, open Applications → Browse App Catalog, search for RansomLeak, and add the integration. Provisioning is configured on that app, as described below.

Supported features

  • Create users
  • Update user attributes
  • Deactivate users
  • Group push (groups map to roles)
  • Team & manager sync

Provisioning is one-directional. Okta is the source of truth and pushes changes into RansomLeak. RansomLeak does not import users or profile updates back into Okta, so leave Import New Users and Import Profile Updates turned off on the Okta app.

Get your SCIM credentials in RansomLeak

  1. Sign in to https://<your-subdomain>.ransomleak.com as a tenant admin.

  2. Go to Admin → Tenant Settings → SCIM.

  3. Click Generate Token and confirm in the dialog. RansomLeak shows your SCIM bearer token and base URL:

    Base URL https://<subdomain>.ransomleak.com/scim/v2

  4. Copy the token now, it is shown only once. Generating a new token invalidates the previous one. Store it securely; you will paste it into Okta next.

Configure Okta

  1. If you have not added it yet, go to Applications → Browse App Catalog, search for RansomLeak, and click Add Integration. On the General Settings screen, enter your Subdomain — the part of your RansomLeak URL before .ransomleak.com (for example, acme for https://acme.ransomleak.com) — and click Done.

  2. Open the RansomLeak app in Okta and go to the Provisioning tab.

  3. Click Configure API Integration and enable it. In the API Token field, paste the SCIM token you copied from RansomLeak.

    Enter the raw token only — do not add a Bearer prefix. The Okta app adds it automatically. The base URL and authentication scheme are pre-configured by the RansomLeak OIN app template, so you do not need to set them.

  4. Click Test API Credentials, then Save.

  5. Under Provisioning → To App, enable:

    • Create Users
    • Update User Attributes
    • Deactivate Users

  6. On the app's Sign On tab, set Application username format to Email. RansomLeak's SCIM userName is an email address, so this keeps the provisioned account aligned with the user's sign-in identity.

  7. Assign users or groups to the RansomLeak app. Okta provisions them into RansomLeak.

Attribute mapping

Map the core attributes below. RansomLeak also reads optional attributes, including the SCIM enterprise extension, to populate job titles, teams, and the reporting line, which power team-based and manager-based reporting.

Core attributes

Okta attribute SCIM attribute Populates in RansomLeak
userNameuserNameEmail / login
Email (primary)emails[type eq "work"].valueEmail
First namename.givenNameFirst name
Last namename.familyNameLast name
Display namedisplayNameDisplay name

Teams, managers, and job titles

These come through the standard SCIM enterprise extension (urn:ietf:params:scim:schemas:extension:enterprise:2.0:User), which Okta sends from its built-in Department and Manager profile attributes.

Okta attribute SCIM attribute Populates in RansomLeak
TitletitleJob title
Department …:enterprise:2.0:User:department Team (created automatically if the name is new)
Manager …:enterprise:2.0:User:manager Reporting line, used to build your org hierarchy

RansomLeak creates a team from the department name when it does not exist yet, and links each user to their manager by external ID. If a manager is provisioned after their reports, RansomLeak backfills the reporting line automatically once the manager arrives.

Group push

RansomLeak Groups correspond to tenant roles. Use Okta Push Groups to align an Okta group with a RansomLeak role; pushing the group assigns that role to its members. Group create, update, and delete are all supported.

For a user to receive a role through Group Push, they must be both assigned to the RansomLeak app and a member of the pushed group in Okta. A user who is only in the group, or only assigned to the app, will not receive the role until both are true.

Troubleshooting

Symptom Fix
Test credentials fail Confirm you pasted the current SCIM token into the API Token field, with no extra spaces. Enter the raw token only — Okta adds the Bearer prefix automatically. If it still fails, regenerate the token in RansomLeak and update it in Okta.
401 after it previously worked The token was regenerated or revoked in RansomLeak. Generate a new one and update Okta.
Deactivation not reflected Ensure Deactivate Users is enabled under Provisioning → To App.
Next guide Configure SAML SSO with Okta Let your team sign in to RansomLeak with their Okta credentials.

Need a hand?

Email support@ransomleak.com and we will help you connect Okta to your tenant.

See RansomLeak in Action

Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.

Request Demo Try Free Exercises