Set up Okta as your SAML Identity Provider

Here's a walk-through of setting up Okta as your SAML Identity Provider. This allows your team to log into Zenduty without a new email / password combination.

1. Log in to Zenduty as an account owner. In another tab, Log into Okta as an administrator.

2. In Zenduty, click on your name in the top right corner, which will reveal a dropdown with your account's domain name. Copy your account domain name for later use.
   

3. Go to your Okta admin dashboard. Click on Applications. Click on Add Application and search for Zenduty in the Okta application marketplace. Click on Add next to Zenduty.
   

4. Click on the Zenduty application in Okta. Click on the Sign On tab. Click on Edit in the Settings section.

5. In the Default Relay State box, enter the Zenduty account subdomain you copied in Step 2. For Application username format, Select Email.
   

6. Click on the View SAML Setup Instructions from the right. This will open a new tab which will contain three values which you need to temporarily copy in a text editor for the next step - SAML endpoint, SAML Entity ID and Certificate.
   

7. Assign users to the Zenduty application on Okta.

8. Go back to the Zenduty tab. On the top right corner, click on the dropdown under your name and click on Account. On the left panel, click on Single Sign On.

9. In the SSO form, select Okta SSO under Select SSO Provider.

10. In SAML endpoint input, paste the SAML endpoint you saved from Step 6. In SAML Entity ID input, paste the SAML Entity ID from Step 6. In the Certificate input, paste the Certificate copied earlier.
    

11. Click on Save Integration to complete your SSO setup.

12. To test SP-initiated SSO, logout of your Zenduty account and click on Login. Click on Login with your identity provider. Enter your account domain name and click on Continue. Authenticate your Okta credentials to login into Zenduty.

13. To test iDP-initiated SSO, logout of your Zenduty account. Login to your Okta account and from the application list, click on Zenduty. You will be logged into Zenduty.

Disable password login for non-admin users

To disable password login for non-admin users, you can toggle the "Allow Email and Password login for users" setting in the SSO configuration

Enable SCIM Settings in Zenduty

• Toggle the Enable SCIM Settings to activate user provisioning.

• Copy the Base URL and Token provided. Save them securely — you’ll need these for OKTA configuration.

Configure the SCIM Connector in Okta

In the Okta Admin Console, open your Zenduty application and go to
Provisioning → Integration, then click Edit:

• SCIM version: 2.0
• SCIM connector base URL: Paste the base URL provided by Zenduty
• Unique identifier field for users: userName
• Supported provisioning actions: check Push New Users, Push
  Profile Updates, Push Groups
• Authentication Mode: HTTP Header
• HTTP Header → Authorization: Bearer <your Zenduty SCIM token>
  Click Test Connector Configuration and ensure it succeeds, then click
  Save

Provisioning to App (Enable Operations)

Open Provisioning → To App and click Edit. Enable the following
operations:

• Create Users
• Update User Attributes
• Deactivate Users

Note: The default username for account creation should be set to
Email (configured under Sign On). Sync Password must remain
disabled for SCIM.

Attribute Mappings

Open Provisioning → To App → Attribute Mappings and use the following
mapping set:

To Okta (Import Settings)

Under Provisioning → To Okta, the connector shows Import Not
Available.
This is expected—Zenduty is treated as a downstream application and does
not import users into Okta.
Ensure Import Safeguard thresholds meet your org policy (20% by
default)

You have successfully set up SCIM-based user provisioning between OKTA and Zenduty.