Skip to main content
Jaapi

Identity & SSO

Okta + Jaapi

Connect Okta to Jaapi for enterprise SSO and automated user provisioning. Employees sign in with their Okta credentials, and SCIM 2.0 keeps the store's user list in sync as people join and leave.

Get a demo

Yes, Jaapi integrates with Okta for both single sign-on and automated user provisioning. Employees sign in to the swag store with their existing Okta credentials, and SCIM 2.0 keeps the store’s user list in sync — accounts are created on hire and deactivated on departure, with no manual invites. Setup is self-serve for your IT admin.

How does the Okta integration work?

The Okta integration has two halves that work independently or together. SSO lets employees authenticate with their Okta identity instead of a separate password, via SAML 2.0 or OpenID Connect. SCIM provisioning lets Okta push user lifecycle events to the store, so the user list stays current automatically.

Okta acts as the identity provider; Jaapi is the downstream application that receives sign-ins and provisioning events.

What syncs from Okta to Jaapi?

SCIM provisioning keeps your store’s roster aligned with the users assigned to the Jaapi app in Okta:

  • Onboarding. Assigning a user to the Jaapi app creates their store account.
  • Profile updates. Name and email changes flow through automatically.
  • Offboarding. Unassigning or deactivating a user deactivates their store account, and unspent credit is reclaimed to an admin wallet.
  • Rehires. Reassigned users have their original account reactivated, history intact.
  • Identity mapping. The Okta user ID is stored as the user’s externalId for stable cross-system matching.

How do I set up Okta SSO and provisioning?

Everything is configured by your Okta administrator plus a token from your store settings — no Jaapi engineering involvement.

  1. In your Jaapi store, go to Settings and generate a SCIM API token.
  2. In Okta, add Jaapi as an app and configure SAML 2.0 (or OIDC) for single sign-on.
  3. Enable provisioning, set the SCIM connector base URL to your store’s SCIM endpoint, and authenticate with the Bearer token from step 1.
  4. Assign users or groups to the app. Provisioning begins immediately.

What about groups and roles?

Jaapi uses a flat access model — store user or admin — so SCIM provisioning operates at the user level rather than syncing Okta groups into store roles. Admin access is granted within Jaapi, and admin accounts are protected from deletion via SCIM. If you need HR-driven segmentation or per-team credit budgets, pair SSO with an HRIS CSV sync, which can carry department, location, and budget fields that SCIM does not.

Is the Okta integration secure?

Yes. SSO removes store-specific passwords entirely, SCIM requests are authenticated with a store-scoped Bearer token over HTTPS, and new accounts are validated against your allowed email domain. Every provisioning action is audit-logged. Jaapi is ISO 27001:2022 certified with EU-hosted data.

Custom branded tumblers

Ready to unite your global team with hassle-free swag?

Connect your worldwide employees and customers with quality branded items—made on demand and delivered locally. No warehousing headaches. No customs delay.

Get a demo