Expand Up @@ -40,7 +40,7 @@ Additionally, you can configure Okta to use risk information from Zero Trust [us
9. Set the **Groups claim filter** to _Matches regex_ and its value to `.*`.

:::note
Groups managed outside of Okta (for example, Microsoft Entra ID or Google groups) may require different regex values. For more information, refer to the [Okta documentation](https://support.okta.com/help/s/article/Why-isnt-my-Groups-claim-returning-Active-Directory-groups).
Groups managed outside of Okta (for example, Microsoft Entra ID or Google groups) may require different regex values. For more information, refer to the Okta documentation on [Groups Claims](https://support.okta.com/help/s/article/Why-isnt-my-Groups-claim-returning-Active-Directory-groups) and [OpenID Connect Claims](https://support.okta.com/help/s/article/Can-we-retrieve-both-Active-Directory-and-Okta-groups-in-OpenID-Connect-claims).
:::

10. In the **General** tab, copy the **Client ID** and **Client secret**.
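Review bot: In the rewritten note, the link labels "Groups Claims" and "OpenID Connect Claims" do not tell the reader which article covers which case. Both URL slugs refer to Active Directory groups, while the sentence gives Microsoft Entra ID and Google groups as its examples. Suggest link text that says what each article answers (Active Directory groups missing from the groups claim; returning both Active Directory and Okta groups in OIDC claims), and either add Active Directory to the examples or confirm that the articles apply to the sources named. Step 9 sets the filter to `.*`, which matches every group name, so the note is also a good place to say that a narrower regex limits which groups are sent in the claim.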
Expand Down Expand Up @@ -94,10 +94,7 @@ If you would like to only maintain one Okta app instance, Okta does support SAML

### 1. Enable SCIM in Zero Trust

<Render
file="access/enable-scim-on-dashboard"
params={{ idp: "Okta"}}
/>
<Render file="access/enable-scim-on-dashboard" params={{ idp: "Okta" }} />

### 2. Configure SCIM in Okta

Expand Down Expand Up @@ -135,17 +132,17 @@ If you would like to only maintain one Okta app instance, Okta does support SAML

13. Select **Save** to complete the configuration.

14. In the **Assignments** tab, add the users you want to synchronize with Cloudflare Access. You can add users in batches by assigning a group. If a user is removed from the application assignment via a either direct user assignment or removed from the group that was assigned to the app, this will trigger a deprovisioning event from Okta to Cloudflare.
14. In the **Assignments** tab, add the users you want to synchronize with Cloudflare Access. You can add users in batches by assigning a group. If a user is removed from the application assignment via a either direct user assignment or removed from the group that was assigned to the app, this will trigger a deprovisioning event from Okta to Cloudflare.

15. In the **Push Groups** tab, add the Okta groups you want to synchronize with Cloudflare Access. These groups will display in the Access policy builder and are the group memberships that will be added and removed upon membership change in Okta.

:::note
Groups in this SCIM app Push Groups integration should match the groups in your base [OIDC app integration](/cloudflare-one/identity/idp-integration/okta/#set-up-okta-as-an-oidc-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
:::
:::note
Groups in this SCIM app Push Groups integration should match the groups in your base [OIDC app integration](/cloudflare-one/identity/idp-integration/okta/#set-up-okta-as-an-oidc-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
:::

To verify the integration, select **View Logs** in the Okta SCIM application.

<Render file="access/verify-scim-provisioning"/>
<Render file="access/verify-scim-provisioning" />

## Example API Configuration
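Review bot: Step 14 is touched for whitespace only, so the grammar slip in its last sentence survives: "via a either direct user assignment or removed from the group". Suggest rewording to "either by removing a direct user assignment or by removing the user from a group assigned to the app". That sentence is the one that tells administrators when access is revoked, so it is worth getting right while the line is already in the diff. These lines also do not say what a deprovisioning event does on the Cloudflare side, and a short clause or link would help. The note moved under step 15 and the `<Render ... />` spacing change look fine.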
