Businesses can integrate Birdeye with Okta using both SAML Single Sign-On (SSO) and SCIM (System for Cross-domain Identity Management). This allows administrators to centrally manage user creation, updates, deactivation, role assignments, and location access directly from Okta.
NOTE: To integrate Okta with Birdeye for SSO and user provisioning, you will need your Birdeye Business ID and API Key. You can find these inside your Birdeye dashboard by navigating to Settings > Integrations > API, and copying the Business ID and API Key located under the API tab.
Step 1: Add the Application and Configure SAML SSO
Log in to your Okta Admin Console.
Navigate to Applications > Applications and click Browse App Catalog.
Search for SCIM 2.0 Test App (OAuth Bearer Token) and click Add Integration.
Change the Application label to "Birdeye" and click Next.
Under the Sign-On Options tab, select SAML 2.0.
Scroll down to Advanced Sign-on Settings and enter the following mandatory details:
Assertion Consumer Service URL (ACS URL): https://auth.birdeye.com/login/saml2/sso/[Your-Business-ID] (Replace [Your-Business-ID] with the actual Business ID you copied earlier. Example: https://auth.birdeye.com/login/saml2/sso/1234567890)
Audience URI (Entity ID): https://birdeye.com
Ensure that the Application Username format is mapped to Okta username. This value will be verified at Birdeye's end for successful login.
Click Done.
IMPORTANT: You must copy the Okta IDP Metadata URL (found in the Sign-On tab) and share it with the Birdeye Customer Support team to finalize the SSO portion of this integration.
Step 2: Configure SCIM Provisioning API
Navigate to the Provisioning tab for the Birdeye app in Okta and click Configure API Integration.
Check the box to Enable API integration.
Enter the following details:
SCIM 2.0 Base URL: https://api.birdeye.com/scim/v2
OAuth Bearer Token: Paste the API Key you copied from your Birdeye account.
Click Test API Credentials. Once successful, click Save.
Under the Provisioning > To App section, click Edit and enable the following supported options:
Create Users
Update User Attributes (This will update First Name, Last Name, and Role)
Deactivate Users
Click Save.
Step 3: Configure User Role Management (Custom Attribute)
User roles in Birdeye are managed via a custom attribute in Okta. You must create this attribute so Okta can pass the correct role to Birdeye.
In the Okta Admin Console, go to Directory > Profile Editor.
Under the Users tab, find the Birdeye app you created in Step 1 and click on its name (generally named Birdeye User).
Click Add Attribute and configure it with the exact details below:
Data type: string
Display name: Birdeye role
Variable name: role (Note: Okta will automatically prepend this with your app instance ID, e.g., scim2testapp_3uic5c1.role)
External name: role
External namespace: urn:ietf:params:scim:schemas:extension:custom:2.0:User
Description: Role of the user inside Birdeye
Attribute type: Personal
Leave all other options at their default settings.
4. Check the box for Define enumerated list of values. Add the three default Birdeye roles exactly as follows:
Display name / Value: owner / owner
Display name / Value: admin / admin
Display name / Value: guest / guest
(Note: If you utilize custom roles in Birdeye, you must add them here matching the exact spelling and casing used in Birdeye).
5. Click Save
6. Navigate back to the Birdeye app's Provisioning > To App section, scroll down to Attribute Mappings, click the edit icon and set Attribute values to ‘same for all users’ and choose ‘guest’ as default role from the dropdown.
Note: If a role is not explicitly selected for a user in Okta, their default role in Birdeye will automatically be set to guest.
Step 4: Group Management and Location Access
In Birdeye, access to specific business locations is controlled by Location Groups. You can manage which locations a user has access to by assigning them to Okta groups.
IMPORTANT GUIDELINES FOR GROUPS:
Mapping: Okta groups map directly to Birdeye location groups. You can view your location groups inside Birdeye by navigating to Settings > Account > Groups.
Exact Name Match: Before assigning any group to the Birdeye App in Okta, the group must already be present inside Birdeye with the EXACT same Name.
Location Access: When a user is assigned to a group in Okta, they will automatically be given access to all the corresponding Birdeye locations associated with that group inside the Birdeye platform.
Default Access (No Group): If a user is not part of any group in Okta, they will be provisioned as an enterprise user and granted access to all locations by default.
Limitations: Group creation, editing, or deletion inside Birdeye cannot be performed via Okta. Okta only manages the assignment of users to existing Birdeye groups.