Prerequisites
- A RansomLeak tenant with admin access
- The "Manage Integrations" permission
- Okta super admin or app admin rights
Your tenant is reachable at https://<your-subdomain>.ransomleak.com. Replace
<your-subdomain> with your own subdomain throughout this guide.
Supported features
- Create users
- Update user attributes
- Deactivate users
- Import users
- Import groups
- Group push (groups map to roles)
- Team & manager sync
The externalId attribute is required by SCIM but has no default mapping. Map it
to a stable identifier (for example, employee number or email) in Okta.
Get your SCIM credentials in RansomLeak
-
Sign in to
https://<your-subdomain>.ransomleak.comas a tenant admin. -
Go to Admin → Tenant Settings → SCIM provisioning.
-
Click Generate token. RansomLeak shows your base URL and bearer token:
Base URLhttps://<subdomain>.ransomleak.com/scim/v2 -
Copy the token now, it is shown only once. Generating a new token invalidates the previous one. Store it securely; you will paste it into Okta next.
Configure Okta
-
Open the RansomLeak app in Okta and go to the Provisioning tab.
-
Click Configure API Integration and enable it. Enter:
Base URLhttps://<subdomain>.ransomleak.com/scim/v2AuthHTTP HeaderAuthorizationBearer <token-from-RansomLeak> -
Click Test API Credentials, then Save.
-
Under Provisioning → To App, enable:
- Create Users
- Update User Attributes
- Deactivate Users
-
Assign users or groups to the RansomLeak app. Okta provisions them into RansomLeak.
Attribute mapping
Map the core attributes below. RansomLeak also reads optional attributes, including the SCIM enterprise extension, to populate job titles, teams, and the reporting line, which power team-based and manager-based reporting.
Core attributes
| Okta attribute | SCIM attribute | Populates in RansomLeak |
|---|---|---|
| userName | userName | Email / login |
| Email (primary) | emails[type eq "work"].value | |
| First name | name.givenName | First name |
| Last name | name.familyName | Last name |
| Display name | displayName | Display name |
| (your choice) | externalId | Stable external ID |
Teams, managers, and job titles
These come through the standard SCIM enterprise extension
(urn:ietf:params:scim:schemas:extension:enterprise:2.0:User), which Okta sends from
its built-in Department and Manager profile attributes.
| Okta attribute | SCIM attribute | Populates in RansomLeak |
|---|---|---|
| Title | title | Job title |
| Department | …:enterprise:2.0:User:department | Team (created automatically if the name is new) |
| Manager | …:enterprise:2.0:User:manager | Reporting line, used to build your org hierarchy |
RansomLeak creates a team from the department name when it does not exist yet, and links each user to their manager by external ID. If a manager is provisioned after their reports, RansomLeak backfills the reporting line automatically once the manager arrives.
Group push
RansomLeak Groups correspond to tenant roles. Use Okta Push Groups to align an Okta group with a RansomLeak role; pushing membership assigns that role to the group's users.
Troubleshooting
| Symptom | Fix |
|---|---|
| Test credentials fail |
Confirm the base URL ends in /scim/v2, auth is HTTP Header,
and the value is Bearer <token> (the word Bearer, a space, then the token).
|
| 401 after it previously worked | The token was regenerated or revoked in RansomLeak. Generate a new one and update Okta. |
| Deactivation not reflected | Ensure Deactivate Users is enabled under Provisioning → To App. |
Need a hand?
Email support@ransomleak.com and we will help you connect Okta to your tenant.