Automating user management

This information is part of a beta release. For additional details, read our product and feature lifecycle descriptions.

This guide describes how to automate the management of your account users when Okta serves as your identity provider (IdP). It describes how to configure and enable Okta as your IdP for use with Fastly.

An IdP like Okta centralizes user identity management by storing and controlling digital identities. This includes:

  • maintaining user attributes such as usernames, roles, and authentication credentials
  • verifying identities through authentication methods like passwords, multi-factor authentication (MFA), or single sign-on (SSO)
  • enforcing access policies based on roles and permissions

Integrating Okta with your account enables you to automate user lifecycle management, allowing the IdP to handle account creation, updates, and deactivation while supporting security policies and compliance requirements. Provisioning users through Okta also ensures that access and permission levels remain synchronized with your services and sites (also known as workspaces), automatically reflecting changes made in the IdP.

Okta uses the System for Cross-domain Identity Management (SCIM) protocol, an industry-standard specification, to automate the provisioning and synchronization of user accounts across integrated applications and directories. Learn more about SCIM in Okta's developer documentation.

Prerequisites

Before configuring and enabling the IdP, be sure to complete the following prerequisites:

  • Create an application integration between Okta and Fastly. If you have not already done so, in Okta, create an application integration for use with Fastly. You can use an existing integration if you have one already set up.
  • Enable single sign-on for the integration between Okta and Fastly. In the Fastly control panel, enable single sign-on to use Okta as your SSO provider.
  • Create a custom integration that supports SCIM for use during the beta period. Because SCIM functionality is not yet available in the Fastly Okta integration on the Okta Integration Network, you must create a custom integration during beta that has this functionality. This custom integration can be run in parallel with your existing application integration. Follow Okta's instructions for creating SAML app integrations to set this up.

To complete the configuration and enablement of the IdP you must also:

  • Create a Fastly API user token for Okta's integration. Have a superuser associated with your account create a personal API token to use when it comes time to authorize access to the Okta application. Be sure to select Global access for the scope of the token and All services for the service access level. Follow your organization's best practice for choosing an appropriate token expiration date, if any.
  • Add your account users in Okta. Okta allows you to create users manually or import users as part of the provisioning process.

Configuring and enabling the IdP

To configure automated user management through Okta, follow these steps to configure and test your IdP settings and then enable your IdP.

Configuring and testing your IdP settings

To configure your IdP settings:

  1. From Okta's side navigation, go to Applications > Applications and then select your Fastly application from the application catalog.

  2. Click the General tab.

  3. In the App Settings area, click Edit.

  4. Select Enable SCIM provisioning and then click Save. A new Provisioning tab appears to the right of the General tab.

  5. Click the Provisioning tab and then click Edit in the SCIM Connection area.

  6. Fill out the SCIM Connection controls as follows:

    • In the SCIM connector base URL field, enter https://api.fastly.com/scim/v2.
    • In the Unique identifier field for users field, enter email.
      Unique identifiers are case sensitive.
    • From the Supported provisioning actions controls, select Import New Users and Profile Updates, Push New Users, and Push Profile Updates.
    • From the Authentication Mode menu, select HTTP Header.
    • In the Authorization field, enter the Fastly API user token you generated as a prerequisite.
  7. Click Test Connector Configuration to test your integration.

  8. Review the connector configuration settings that appear, which show the provisioning features Okta detects, and click Close when you're done.

    The Okta app tests each setting you've provisioned and notifies you when the integration is properly configured by displaying a message that reads Connector configured successfully along with a summarized list of the configuration settings it has detected in your connector (marked with a green check), as well as the provisioning features it has not detected (marked with a red x).

    Need help with your Okta application's integration settings? Okta's documentation offers troubleshooting assistance.
  9. Once you confirm the settings, click Save. Two new settings sections appear on the Provisioning tab that allow you to manage settings to the Fastly app (To App) and to Okta (To Okta).

Enable provisioning features

To enable the appropriate provisioning features for your integration:

  1. Go to Provisioning and click To App.

  2. In the Provisioning to App area, click Edit.

  3. Select Enable for the following provisioning settings:

    • Create Users
    • Update User Attributes
    • Deactivate Users
    Don't enable password syncing. Passwords are managed using single sign-on.
  4. Click Save.

Managing users in the Fastly Okta application

We strongly recommend user management happen in the Okta application, not in the Fastly control panel. User updates in the Okta application will be automatically reflected in the Fastly control panel, but the reverse is not true.

User updates in the Fastly control panel will only be reflected in the Okta application if you specifically import the information. We recommend scheduling regular imports into Okta from the control panel to keep data synchronized.
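
Because changes made in the control panel do not flow back to Okta on their own, it helps to check for drift between the two user lists. The following is an added example, not Fastly or Okta code: it compares a list of Okta assignments against a list of Fastly account users and reports accounts that exist only in Fastly, role differences, role values outside the four the Roles field accepts, and emails that differ only by case. The record shapes and sample data are constructed assumptions.

```python
# Added example: the record shapes and all sample data are constructed
# assumptions, not an Okta or Fastly export format.

# Role values the guide lists for the Roles field (lowercase only).
VALID_ROLES = {"superuser", "engineer", "billing", "user"}


def reconcile(okta_assignments, fastly_users):
    """Return sorted (kind, email, detail) drift findings; Okta is authoritative."""
    # An empty Roles field falls back to "user", the default role.
    okta = {u["email"]: u.get("role") or "user" for u in okta_assignments}
    fastly = {u["email"]: u["role"] for u in fastly_users}
    # Case-folded indexes find near-misses; identifiers are case sensitive,
    # so only an exact match counts as the same user.
    okta_folded = {e.lower(): e for e in okta}
    fastly_folded = {e.lower() for e in fastly}

    findings = []
    for email, role in okta.items():
        if role not in VALID_ROLES:
            findings.append(("invalid_role", email, role))
        if email.lower() not in fastly_folded:
            findings.append(("not_provisioned", email, role))

    for email, role in fastly.items():
        if email in okta:
            if okta[email] != role:
                findings.append(("role_drift", email, f"okta={okta[email]} fastly={role}"))
        elif email.lower() in okta_folded:
            findings.append(("case_mismatch", email, okta_folded[email.lower()]))
        else:
            findings.append(("unmanaged_in_fastly", email, role))
    return sorted(findings)


# Constructed sample data for illustration only.
OKTA_SAMPLE = [
    {"email": "alice@example.com", "role": "superuser"},
    {"email": "bob@example.com", "role": "Engineer"},   # not lowercase
    {"email": "carol@example.com", "role": ""},         # defaults to "user"
    {"email": "erin@example.com", "role": "billing"},   # never pushed to Fastly
]
FASTLY_SAMPLE = [
    {"email": "alice@example.com", "role": "superuser"},
    {"email": "Bob@example.com", "role": "engineer"},    # differs only by case
    {"email": "carol@example.com", "role": "engineer"},  # edited in control panel
    {"email": "dave@example.com", "role": "superuser"},  # created outside Okta
]

if __name__ == "__main__":
    for finding in reconcile(OKTA_SAMPLE, FASTLY_SAMPLE):
        print(*finding, sep="\t")
```

An `unmanaged_in_fastly` finding with a superuser role is the one to review first, since Okta deactivation will not remove an account it never provisioned.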

Assigning users to the Fastly Okta application

To assign a user to your Fastly account via the Okta application, follow these steps.

  1. From Okta's side navigation, go to Applications > Applications > Fastly.
  2. Click the Assignments tab.
  3. From the Assign menu, select Assign to people.
  4. From the list of people's names, click Assign to select a user from your Okta directory. An additional attributes window appears with several details about the user pre-filled.
  5. (Optional) In the Roles field, using lowercase letters only, enter the Fastly user role to be assigned to that user. Possible values are superuser, engineer, billing, or user (the default).
  6. Click Save and Go Back. The name of the user you just provisioned appears under the Assignments tab.

Updating user information in the Fastly Okta application

To update a user's information in the Fastly Okta application, follow these steps.

  1. From Okta's side navigation, go to Applications > Applications > Fastly.
  2. Click the Assignments tab.
  3. Click the People filter.
  4. From the list of names that appears, select the user information to update by clicking the pencil icon to the right of the name.
  5. In the Edit User Assignment window that appears, adjust the information in any of the fields as needed.
    The Username field serves as a unique ID. To change a username, contact support.
  6. Click Save and Go Back. The updates are applied to the user information.

Removing a user's access to a Fastly account

To remove a user's access from the Fastly application, either delete them from the Fastly Okta application or deactivate their entire Okta account.

Removing access without deleting a user in Okta

To remove access to the Fastly application without deleting a user's data in Okta (for example, when a user's responsibilities no longer require access to Fastly), follow these steps.

  1. From Okta's side navigation, go to Applications > Applications > Fastly.
  2. Click the Assignments tab.
  3. Click the People filter.
  4. From the list of names that appears, select the user by clicking the x icon to the right of the name and confirm the removal by clicking OK.

The user's access to Fastly will be removed, but not their user information in the Okta application. You can reassign access to the Fastly Okta application, which will once again provide them with access to your Fastly account.

Removing access to the Fastly application by deactivating an Okta user account

To remove a user's access to both the Fastly application and Okta at the same time (for example, when a user leaves your organization entirely), follow these steps.

  1. From Okta's side navigation, go to Applications > Applications > Fastly.
  2. Click the Assignments tab.
  3. Click the People filter.
  4. From the list of names that appears, select the user by clicking the name of the user. The user's information and assignment details appear.
  5. From the More Actions menu, select Deactivate and then confirm the deactivation by clicking Deactivate again.

The user's access to Fastly will be removed, along with their user information in the Fastly application and their access to any other application that their Okta access controlled.