How does enabling SCIM with Okta affect existing users and role management in Panther?

Question

How does enabling SCIM with Okta affect existing users and role management in Panther?

Answer

When enabling SCIM integration between Panther and Okta, here's what you need to know about user access and role management:

Initial SCIM Setup

• Adding the Panther API key to Okta does not disrupt existing user access

• No immediate changes are made to user accounts or roles in Panther

Role Management After SCIM Integration

• Once SCIM is active, Okta becomes the source of truth for user roles

• User roles defined in Okta will take precedence and update in Panther during the user's next login via Just-In-Time (JIT) provisioning

• While it's technically possible to modify roles directly in Panther, these changes may be overridden upon next login if different roles are specified in Okta

• Best practice: Manage all user roles through Okta once SCIM is enabled to maintain consistency

Impact on Non-Okta Users

Users who authenticate directly to Panther (not through Okta) will not be affected by SCIM integration. These users can continue to access Panther as before, with their existing credentials and roles.