Company Type
Available on Asana Enterprise and Enterprise+ tiers, as well as legacy tier Legacy Enterprise.
Visit our pricing page for more information.
With SCIM functionality, super admins can quickly and easily provision and deprovision users in Asana from their identity management provider. Your organization can also be used to configure with SCIM. SCIM provisioning allows super admins to:
The following provisioning features are not supported by Asana:
Note
Like what you see? Get started with a free Asana trial today. Try for free
To use SCIM provisioning, you will need to connect your organization's Asana account with one of our supported identity providers. Setup will vary according to the identity provider you use. Asana supports SCIM provisioning via:
Super admins can easily provision and deprovision users in Asana from Okta. The integration between Asana and Okta relies on an industry-standard protocol called SCIM that allows super admins to:
The following provisioning features are not supported at the moment:
Note
Importing users or groups with emojis in their names to Okta will cause failure, as Okta only supports characters encoded with 3 bytes or fewer.
Please ensure that you meet the following requirements before turning on SCIM for your organization.
If you meet these requirements, use the following steps to enable SCIM for your organization.
To use SCIM provisioning, you'll need to connect your organization’s Asana account with your Okta account.
Login to a super admin account on Asana, and navigate to the admin console menu by clicking on your profile picture in the top right, and clicking Admin console. Navigate to the Apps tab and click Add service account.
Note
If you don’t want Okta to push groups to Asana teams, rename teams, or modify teams, then uncheck the team-related permissions.
Login to your Okta admin portal and under the Applications tab, navigate to the Asana application.
Under the applications tab, navigate to the Asana app and click on Provisioning.
Note
We recommend you enable Create Users, Update User Attributes, and Deactivate Users.
To map Okta groups to Asana teams, you can decide to push new groups into Asana or link groups in Okta to existing teams in Asana. If you’re linking groups, please ensure that the teams you’d like to map them to are already set up inside Asana. Find out more about how to create a team in Asana.
In the Okta admin portal:
Note
Please note that deletion of teams in Asana from Okta isn’t supported by this integration. Please use the Teams tab in the admin console in Asana to manage and delete teams.
To configure and map attributes to user profiles in Asana, please follow the following steps.
Attribute | Type | Info | Notes on limitations |
---|---|---|---|
userName | string | Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non - empty userName value, and it must be an email address. REQUIRED. | |
name | complex | The user’s name | |
name.given | string | Unsupported, use formatted | |
name.familyName | string | Unsupported, use formatted | |
name.formatted | string | The full name of the user | |
emails | complex | Email addresses for the user | |
emails.value | string | Email address for the user | |
email.primary | string | Whether this email address is the preferred email address for this user. True may only appear once for this attribute. | |
title | string | The user's title, such as "Vice President". | |
department | string | Identifies the name of the department that the user belongs to. | |
preferredLanguage | string | Indicates the User's preferred written or spoken language. Used for selecting a localized user interface; e.g., 'en_US' specifies the language English and country US. | “Preferred language” can only be set for a user when the user is being created in Asana. Updates to the preferredLanguage field in Okta for existing Asana users don’t get reflected inside Asana. |
active | boolean | Indicate whether the user’s account is active in Asana. | |
addresses |
Multi-valued complex |
The user’s work address | |
address.country | string | The user’s country as a two-letter code e.g., “US” | |
address.region | string | The user’s region e.g., “CA” | |
address.locality | string |
The user’s city e.g., “San Jose” | |
phoneNumbers | Multi-valued complex |
The user’s phone | |
phoneNumber.value | string |
The user’s phone number e.g., “543-111-1111” | |
User | complex |
Enterprise user schema extension attribute for the user | |
User.department | string |
Name of the department that | |
User.costCenter | string |
Name of the cost center the | |
User.organization | string |
Name of the organization the | |
User.division | string |
Name of the division the user | |
User.employeeNumber | string |
A string identifier, typically numeric or alphanumeric, assigned to a person | |
User.manager | complex |
The user’s manager | |
User.manager.value | string |
The user ID for the user’s manager |
If you’re currently using the Asana - Okta integration, please use the following steps to enable/access the latest updates.
Then, click Edit again, check Enable API integration, enter the API token and click Save. Then, enable provisioning features. After this, you’ll see new attribute updates and integration capabilities reflected in the integration.
Learn how to configure SCIM provisioning using OneLogin here.
Note
To enable SCIM functionality with non-natively integrated IdPs please check the necessary accepted attributes here.
The super admin of an organization can choose how a user’s tasks are handled after they have been deprovisioned via SCIM or the API.
When a user is deprovisioned from Asana, a Previously assigned tasks project containing all of the public tasks that were assigned to the user is created.
An organization-wide setting in the admin console allows you to choose a super admin to become the owner of this project. The project owner can reassign the tasks as they see fit.
Note
These customization settings will only apply when the user is removed from the organization via SCIM or API with a Service Account token.
You will find more information on user deprovisioning in our FAQ article.
These cookies are strictly necessary to provide you with certain features. For example, these cookies allow you to access secure areas that require registration and set your privacy preferences. Because these cookies are essential to providing services to you, they cannot be disabled. You can set your browser to block or alert you about these cookies, but it may cause some parts of the site to not work.
These cookies allow us or our third-party analytics providers to collect information and statistics on use of our services by you and other visitors. This information helps us to improve our services and products for the benefit of you and others.
These cookies provide enhanced functionality, providing chat support, allowing you to more easily complete forms, personalizing content to your preferences, and selecting your communications preferences. If you do not enable these cookies, or choose to disable them in the future, that could impact your ability to use certain features.
These cookies, provided by our third-party advertising partners, collect information about your browsing habits, as well as your preferences for various features and services. They also provide us with auditing, research, and reporting to know when advertising content has been displayed and how successful the content has been. This information allows us and our third-party advertising providers to display relevant advertising content.