Automating user management

Date: 2026-01-01

This guide describes how to automate the management of your account users when Okta serves as your identity provider (IdP). It describes how to configure and enable Okta as your IdP for use with Fastly.

An IdP like Okta centralizes user identity management by storing and controlling digital identities. This includes:

maintaining user attributes such as usernames, roles, and authentication credentials

verifying identities through authentication methods like passwords, multi-factor authentication (MFA), or single sign-on (SSO)

enforcing access policies based on roles and permissions

Integrating Okta with your account enables you to automate user lifecycle management, allowing the IdP to handle account creation, updates, and deletions while supporting security policies and compliance requirements. Provisioning users through Okta also ensures that access and permission levels remain synchronized with your services and sites (also known as workspaces), automatically reflecting changes made in the IdP.

NOTE: Okta uses the System for Cross-domain Identity Management (SCIM) protocol, an industry-standard specification, to automate the provisioning and synchronization of user accounts across integrated applications and directories. Learn more about SCIM in Okta's developer documentation.

Prerequisites

Before configuring and enabling the IdP, be sure to complete the following prerequisites:

Create an application integration between Okta and Fastly. If you have not already done so, in Okta, create an application integration for use with Fastly. You can use an existing integration if you have one already set up.

Enable single sign-on for the integration between Okta and Fastly. In the Fastly control panel, enable single sign-on to use Okta as your SSO provider.

Create and secure your email domain. In order to provision users to Fastly with SCIM, you must first demonstrate ownership of the users' email domain.

To complete the configuration and enablement of the IdP you must also:

Create a Fastly API user token for Okta's integration. Have a superuser associated with your account create a personal API token to use when it comes time to authorize access to the Okta application. Be sure to select Global access for the scope of the token and All services for the service access level. Follow your organization's best practice for choosing an appropriate token expiration date, if any.

Add your account users in Okta. Okta allows you to create users manually or import users as part of the provisioning process.

Limitations and considerations

Keep in mind the following limitations and considerations when automating user management through Okta:

Fastly supports user creation, update, deletion, and import features for Okta IdP user management automation.

For user updates, Fastly only supports updating the user's role.

Fastly does not support multiple role assignments via Okta. You can only assign multiple roles to a user via the Fastly control panel.

Fastly does not support user deactivation or reactivation.

Configuring and enabling the IdP

To configure automated user management through Okta, follow these steps to configure and test your IdP settings and then enable your IdP.

Configuring and testing your IdP settings

To configure your IdP settings:

From Okta's side navigation, go to Applications > Applications and then select your Fastly application from the application catalog.

Click the Sign On tab and ensure that Application username format is set to Email.

Click the Provisioning tab and then click Edit in the SCIM Connection area.

Click the Configure API Integration button and select the Enable API Integration checkbox.

In the API Token field, enter the Fastly API user token you generated as a prerequisite.

Click Test API Credentials to test your integration. Review the connector configuration settings that appear displaying the provisioning features Okta detects and click Close when you're done.

HINT: Need help with your Okta application's integration settings? Okta's documentation offers troubleshooting assistance.

Once you confirm the settings, click Save. Two new settings sections appear on the Provisioning tab that allow you to manage settings to the Fastly app (To App) and to Okta (To Okta).

Enable provisioning features

To enable the appropriate provisioning features for your integration:

Go to Provisioning and click To App.

In the Provisioning to App area, click Edit.

Select Enable for the following provisioning settings:

Create Users

Update User Attributes

Deactivate Users

WARNING: Don't enable password syncing. Passwords are managed using single sign-on.

Click Save.

Managing users in the Fastly Okta application

When automating user management, we strongly recommend that management happen in the Okta application unless you plan to assign multiple roles to a single user, which can only be managed in the Fastly control panel.

User updates in the Okta application will be automatically reflected in the Fastly control panel, but the reverse is not true. User updates in the Fastly control panel will only be reflected in the Okta application if you specifically import the information.

IMPORTANT: We recommend scheduling regular imports into Okta from the control panel to keep data synchronized.
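Because control panel changes do not flow back to Okta on their own, a periodic drift check between the two sides shows where they have diverged. The following is an added example, not Fastly's or Okta's code: the record layout, the sample role names and the `find_drift` helper are assumptions, and the sample data is constructed. It applies the rules this guide states for the Roles field (a single role, lowercase letters or underscores only, with the user role as the default).

```python
import re

# Role rule from this guide: a single role, lowercase letters or underscores only.
ROLE_RE = re.compile(r"[a-z_]+")
DEFAULT_ROLE = "user"  # assigned when the Okta Roles field is left empty

# Constructed sample exports; field and role names are assumptions, not a real schema.
OKTA_ASSIGNMENTS = [
    {"login": "alice@example.com", "role": "superuser"},
    {"login": "bob@example.com", "role": ""},
    {"login": "carol@example.com", "role": "Engineer"},
    {"login": "dave@example.com", "role": "billing"},
    {"login": "frank@example.com", "role": "engineer"},
]
FASTLY_USERS = [
    {"login": "alice@example.com", "roles": ["superuser"]},
    {"login": "bob@example.com", "roles": ["engineer"]},
    {"login": "carol@example.com", "roles": ["engineer"]},
    {"login": "erin@example.com", "roles": ["user"]},
    {"login": "frank@example.com", "roles": ["engineer", "billing"]},
]


def find_drift(okta, fastly):
    """Return sorted (login, finding) pairs describing Okta/Fastly drift."""
    okta_by_login = {u["login"].lower(): u for u in okta}
    fastly_by_login = {u["login"].lower(): u for u in fastly}
    findings = []
    for login, o in okta_by_login.items():
        role = o["role"] or DEFAULT_ROLE
        if not ROLE_RE.fullmatch(role):
            findings.append((login, "invalid_role_format"))
            continue
        f = fastly_by_login.get(login)
        if f is None:
            findings.append((login, "not_provisioned"))  # assigned, never created
        elif len(f["roles"]) > 1:
            findings.append((login, "multi_role_in_control_panel"))  # managed there
        elif f["roles"] != [role]:
            findings.append((login, "role_mismatch"))  # changed outside Okta
    for login in fastly_by_login.keys() - okta_by_login.keys():
        findings.append((login, "unmanaged_in_fastly"))  # exists only in Fastly
    return sorted(findings)


if __name__ == "__main__":
    for login, finding in find_drift(OKTA_ASSIGNMENTS, FASTLY_USERS):
        print(f"{finding:28} {login}")
```

Accounts reported as `unmanaged_in_fastly` are the ones that removing an Okta assignment or deactivating an Okta user would not touch, so they deserve review first.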

Assigning users to the Fastly Okta application

To assign a user to your Fastly account via the Okta application, follow these steps.

From Okta's side navigation, go to Applications > Applications > Fastly.

Click the Assignments tab.

From the Assign menu, select Assign to people.

From the list of people names, click Assign to select a user from your Okta directory. An additional attributes window appears with several details about the user pre-filled.

(Optional) In the Roles field, using lowercase letters or underscores (_) only, enter a single Fastly role to be assigned to that user. If no role is provided, the user role will be assigned by default. Our guide to configuring user roles and permissions provides more information.

Click Save and Go Back. The name of the user you just provisioned appears under the Assignments tab.

Updating user information in the Fastly Okta application

To update a user's information in the Fastly Okta application, follow these steps.

From Okta's side navigation, go to Applications > Applications > Fastly.

Click the Assignments tab.

Click the People filter.

From the list of names that appears, select the user information to update by clicking the pencil icon to the right of the name.

In the Edit User Assignment window that appears, adjust the information in any of the fields as needed, keeping the following things in mind:

The Username field serves as a unique ID. To change a username, you must contact support.

When updating the Role field, a new role must be provided. Removing a role without replacing it will result in an error.

Click Save and Go Back. The updates are applied to the user information.

Removing a user's access to a Fastly account

To remove a user's access from the Fastly application, either delete them from the Fastly Okta application or deactivate their entire Okta account.

Removing access without deleting a user in Okta

To remove access to the Fastly application without deleting a user's data in Okta (for example, when a user's responsibilities no longer require access to Fastly), follow these steps.

From Okta's side navigation, go to Applications > Applications > Fastly.

Click the Assignments tab.

Click the People filter.

From the list of names that appears, select the user by clicking the x icon to the right of the name and confirm the removal by clicking OK.

The user's access to Fastly will be removed, but not their user information in the Okta application. You can reassign access to the Fastly Okta application, which will once again provide them with access to your Fastly account.

Removing access to the Fastly application by deactivating an Okta user account

To remove a user's access to both the Fastly application and Okta at the same time (for example, when a user leaves your organization entirely), follow these steps.

From Okta's side navigation, go to Applications > Applications > Fastly.

Click the Assignments tab.

Click the People filter.

From the list of names that appears, select the user by clicking the name of the user. The user's information and assignment details appear.

From the More Actions menu, select Deactivate and then confirm the deactivation by clicking Deactivate again.

The user's access to Fastly will be removed, along with their user information in the Fastly application and their access to any other application that their Okta access controlled.