Configure Identity Connector for Okta

Updated by Alicia Allen

Overview

With Brivo's Identity Connector, customers can provision their Okta users and groups to Brivo Access, allowing them to manage onboarding and offboarding users in a single application.

Prerequisites

Before you begin, ensure that you have the following required elements:

  • An active Okta account
  • An active Brivo Access account with an Identity Connector subscription
  • An active Brivo Service administrator account (create a Brivo administrator with all user and group permissions solely for the integration)

Steps to Connect Brivo Access to Okta

  1. In the Okta management portal, click on the Applications tab and then click on Browse App Catalog to search for the Brivo Access application.
  2. In the Search box, type Brivo Identity Connector and then select Brivo Identity Connector (or Brivo Identity Connector EU) from the available list.

NOTE: Select Brivo Identity Connector EU if your Brivo Access account is on the EU database.

  3. Click Add Integration.
  4. On the Sign-On Options page, check “Do not display application icon to users” and “Do not display application icon in Okta Mobile App”. Click Next, then click Done.
  5. Click on the Provisioning tab, then Configure API Integration, then check the Enable API Integration checkbox. Once the box is checked, click on the Authenticate with Brivo Identity Connector button.
  6. You are automatically taken to the Brivo API login screen. Enter the Brivo username and password for the Brivo Administrator account that Okta will use to integrate with Brivo Access. This should be an administrator ID exclusively dedicated to Okta and not used by any other Brivo Access administrator. Click the Log In button.
  7. You are asked to confirm that you authorize "SCIM Application" to access your protected resources with permissions granted to brivo.api. Click the Submit button, and you are returned to the Provisioning tab on the Okta Applications page.

NOTE: If the Brivo API login was successful but Okta shows an incorrect credentials error, it is most likely that Identity Connector has not yet been activated. Please have your Brivo reseller contact Brivo to activate it.

  8. Two notices appear on the page notifying you that Brivo Access was verified successfully and that Brivo Access' API has been authenticated. At this point, simply click on Save to complete this portion of the process.
  9. On the Provisioning tab, scroll to Brivo Identity Connector Attribute Mappings, remove the User Type mapping, and click OK.
  10. To enable Provisioning to the Brivo application, check the boxes for Create Users, Update User Attributes, and Deactivate Users. Once that is done, click the Save button.

NOTE: If the Brivo Access account has existing users that will be managed by Okta, duplicate Brivo Access users will be created unless the Okta User ID is entered in Brivo Access prior to beginning the provisioning process.

  11. Click on the Assignments tab. Click the Assign button and assign one test user to the application. This will create all the required custom fields in Brivo for the integration to function properly.

NOTE: If the Brivo Access account has a small number of users, the Okta User ID can be manually entered in the IC_Username custom field in Brivo Access. If the Brivo Access account has a large number of users, please contact Brivo Professional Services (pro.services@brivo.com) for a bulk export/import services package.

  12. On the Provisioning tab, click the Assign button and select Assign to groups. Find and assign any groups with users you want to be synced to Brivo.

NOTE: It is recommended that you put all users into a general access group. One of the suspend mechanisms is that a user's profile will be suspended in Brivo if they are removed from all Okta mapped groups. In practice, you should have one group to provision users and then any additional groups for group-based permissions.

  13. Click on the Push Groups tab, click the “+ Push Groups” button, and select Find groups by name. Enter and select the group name. Under result & push action, you can choose to have the group created or link the group to a group that already exists in Brivo.

NOTE: Group names are not unique and can be duplicated in the Brivo Access account.

  • If you are creating the group, click Save.
  • If you are linking to an existing group, click the Create Group button under Match results & push action and select Link Group. Type the name of the existing Brivo group in the dropdown box, select the group from the list, and click Save. The group name in Okta will replace the name of the existing group in Brivo.
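
Added example (not Brivo's or Okta's code): a pre-flight check for the three pitfalls in the NOTEs above, namely duplicate users when IC_Username is empty, suspension when a user is in no mapped group, and non-unique Brivo group names. The input shapes, the sample records and the function name preflight are assumptions; populate them from your own user and group lists.

```python
from collections import Counter

# Constructed sample data; these shapes are assumptions, not an Okta or Brivo export format.
OKTA_USERS = [
    {"id": "okta-id-001", "groups": ["All Access", "Lobby"]},
    {"id": "okta-id-002", "groups": ["Lobby"]},
    {"id": "okta-id-003", "groups": []},
]
BRIVO_USERS = [  # ic_username = value of the IC_Username custom field
    {"name": "A. Example", "ic_username": "okta-id-001"},
    {"name": "B. Example", "ic_username": ""},
    {"name": "C. Example", "ic_username": "okta-id-0O3"},  # typo: letter O
]
BRIVO_GROUPS = ["All Access", "Lobby", "Lobby"]
MAPPED_GROUPS = {"All Access"}  # Okta groups assigned to the application


def preflight(okta_users, brivo_users, brivo_groups, mapped_groups):
    """Return the records that would trip the pitfalls in the NOTEs above."""
    okta_ids = {u["id"] for u in okta_users}
    findings = {"unlinked": [], "unmatched": [], "would_suspend": [], "ambiguous_groups": []}
    for b in brivo_users:
        value = b["ic_username"].strip()
        if not value:
            # No Okta User ID recorded: provisioning this person creates a duplicate.
            findings["unlinked"].append(b["name"])
        elif value not in okta_ids:
            # Manually entered value matches no Okta user in the input.
            findings["unmatched"].append(b["name"])
    for u in okta_users:
        # In none of the mapped groups: the Brivo profile is suspended.
        if not mapped_groups & set(u["groups"]):
            findings["would_suspend"].append(u["id"])
    # Group names are not unique in Brivo, so linking by name is ambiguous.
    counts = Counter(brivo_groups)
    findings["ambiguous_groups"] = sorted(n for n, c in counts.items() if c > 1)
    return findings


if __name__ == "__main__":
    result = preflight(OKTA_USERS, BRIVO_USERS, BRIVO_GROUPS, MAPPED_GROUPS)
    for kind, items in result.items():
        print(f"{kind}: {items}")
```

Run it before enabling Create Users and again before linking groups; any non-empty list should be resolved first.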
