Configuring SCIM for Automated User Provisioning in Fullstory

Who can use this feature?
- Requires an Enterprise or Data Direct plan.
- Requires an admin role to configure.

Data Direct functionality will soon become a part of Fullstory Anywhere. To learn more about upcoming changes to Fullstory's product offerings, please visit this page.

This article provides guidance for configuring System for Cross-domain Identity Management (SCIM) for your Fullstory account. SCIM, when used in conjunction with Single Sign-On (SSO), allows you to automate the provisioning and deprovisioning of user accounts in Fullstory directly from your Identity Provider (IdP). This streamlines user management and enhances security.

Prerequisite: Before you begin, ensure that SAML SSO is already configured for your Fullstory organization. This article builds upon the SSO setup described in the How do I configure SSO? article.

Enabling SCIM in Fullstory

Note: If you're setting up SSO for the first time in an Umbrella account, repeat these steps for each account in your Umbrella.

Admin users can configure SCIM in Fullstory.

  1. Within Fullstory, go to Settings > Account Management > SSO.
  2. Under Account Provisioning, select SCIM Provisioning from the dropdown menu.

    Note: If you don't see Account Provisioning, ensure that SAML SSO is already configured for your Fullstory organization. See How do I configure SSO? for more information.
  3. Fullstory will display information that you will need to enter into your IdP later, including the following:
    • SCIM connector base URL
    • Unique identifier for users
    • Authentication mode
    • Authorization token
  4. Click Generate Authorization Token. Keep this information secure as it will be used to authorize the connection from your IdP.

CleanShot 2025-04-14 at 13.48.13@2x.png

Setting up the SCIM connection in Okta

The following steps provide an example of how to configure SCIM with Okta. The specific steps may vary depending on your IdP.

  1. From your Okta Admin console, navigate to Applications > Applications.
  2. Select the Okta Application that you have configured for Fullstory SSO.
  3. For the selected Okta Application, click on the General tab and then click Edit.
  4. Under Provisioning, select SCIM and click Save. This will add a Provisioning tab to your Fullstory Okta application.
  5. Click on the new Provisioning tab.
  6. Under Integration, click Edit.
  7. Using the information obtained from Fullstory in the previous section, fill out the following details:
    • SCIM connector base URL
    • Unique identifier field for users
    • Supported provisioning actions
    • Authentication Mode
    • Authorization token
  8. Click Test Connector Configuration.
  9. If the test is successful, click Save.

Mapping User Roles via SCIM Attributes (Recommended)

To automatically assign Fullstory roles to users based on their group memberships in Okta, follow these steps:

  1. In Okta, navigate to Directory > Profile Editor.
  2. Select your Fullstory Okta Application and click + Add Attribute.
  3. Fill out the attribute details with the following information:
Attribute Information Value
Data Type String
Display Name Fullstory Role
Variable Name fullstoryRole
External Namespace urn:ietf:params:scim:schemas:core:2.0:User
Define enumerated list of values Checked

 

  1. Add the following Attribute Members with their corresponding Value:
Display Name Value
Admin admin
Architect architect
Standard standard
Explorer explorer
Guest guest

 

  1. Ensure Attribute Type is set to Group.
  2. Click Save.
  3. In Okta, navigate back to your Fullstory Okta application and click on the Assignments tab.
  4. Add the groups you want to map to Fullstory roles.
  5. Click the pencil icon to open the Edit Group Assignment screen, you should now see the Fullstory Role attribute.
  6. Select the desired Fullstory role from the dropdown that you want to assign to members of this Okta group.
  7. Click Save and repeat this for all relevant Okta groups.

Enabling SCIM Functionality in the Fullstory Okta App

  1. From the Okta Application, navigate to Provisioning > To App and click Edit.
  2. Select the provisioning features you want Okta to manage. It is recommended to enable Create Users, Update User Attributes, and Deactivate Users.
  3. Click Save.

Converting Existing Users to SCIM Users (If Applicable)

If you already have users assigned to the Fullstory Okta application before configuring SCIM, you may need to manually provision them via SCIM:

  1. In the Okta Application, navigate to the Assignments tab.
  2. Click Provision User and follow the prompts to ensure existing users are managed through SCIM. You will only need to do this if you had users assigned before enabling SCIM.

By following these steps, you can successfully configure SCIM for your Fullstory organization, enabling automated user provisioning and deprovisioning through your Identity Provider. This will streamline your user management processes and enhance the security of your Fullstory account. Remember to consult the documentation for your specific Identity Provider for any variations in the configuration steps.

Was this article helpful?

Articles in this section

See more

Got Questions?

Get in touch with a Fullstory rep, ask the community or check out our developer documentation.

Technical Support Support
Ask the Community Community
Dev Docs Dev Docs