Guides

Okta

Suggest Edits

Pleo supports provisioning users through SCIM with Okta.

Managing users through SCIM, guarantees security and access control by automating, user provisioning and de-provisioning.

Supported features

SCIM provisioning through a supported integration with IDPs, HR systems, or a custom integration through the API support the following operations:

  • Create Users: Creates or links a user in Pleo when assigning the app to a user in Okta. The default userName used to create accounts is set to Email.
  • Update the userName of a user: See limitations for more information on this flow. Updates to other fields are not supported.
  • Deactivate Users: Deactivates a user's Pleo account when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.

Deactivated users are deleted within two weeks from when they were deactivated unless they are reactivated.


Requirements

To be able to manage user access to Pleo through the Okta SCIM integrations, you need to be on the right subscription plan.

🏳️

User Provisioning through SCIM is available on the Advanced plan.


Note:

📨

Users added through SCIM are billable as soon as they accept an invite and sign in for the first time. The cost of new accounts will be prorated for the remainder of your current billing period.


Configuration steps

Follow the steps below to enable SCIM user provisioning through Okta.


Step 1

Enable provisioning through SCIM in the General settings tab.

Screenshot showing how to enable the API integration with Pleo

Step 2

Select Email for the Application username format on the Sign On application tab in Okta.

Select Okta Sign On Application username

Select Okta Sign On Application username


Step 3

Enable the following operations in the Provisioning tab:

  • Create Users
  • Update User Attributes
  • Deactivate Users

Step 4

After assigning Users to Pleo, they still have to be invited for them to start spending.
When the users have been synced into Pleo, you can invite them to use Pleo:

  1. Go to People
  2. Click Add people
  3. Select the Users you want to invite to Pleo
  • For multi-entity set-up: Select the entity you want to add the user to
  • Select the Card access,
    • Card - User will only be able to spend with their Pleo card
    • Card and Reimbursement - User can use their Pleo card and add out-of-pocket expenses
    • Reimbursements only - User can only add out-of-pocket expenses

Once you have invited the users, they will receive an email invitation that they need to accept.

More information can be found in the User Management help article .

Limitations

  • When performing an userName update, the email of the user in Pleo will not updated until the email is verified. This requires the user to click the verify link in the email sent to the new email address.

If you run into any issues, please contact us.

Updated 2 months ago