Okta user sync tutorial

tashian · tashian · commit d38b92f432c6 · 2025-10-23T22:09:04.000+02:00
diff --git a/tutorials/sync-okta-users-to-smallstep.mdx b/tutorials/sync-okta-users-to-smallstep.mdx
@@ -62,71 +62,70 @@ In this quickstart, we will:
 2. Copy and paste your **Client ID** and **Client Secret** from Okta.
 3. The **Configuration Endpoint** is derived from your Okta domain. Fill your Okta domain into the following URL:
   
-  `https://{your Okta domain}/.well-known/openid-configuration`
+    `https://{your Okta domain}/.well-known/openid-configuration`
 
-   This is your **Configuration Endpoint**. For example, if you normally sign into Okta at `https://example.okta.com/`, then your configuration endpoint is `https://example.okta.com/.well-known/openid-configuration`
+     This is your **Configuration Endpoint**. For example, if you normally sign into Okta at `https://example.okta.com/`, then your configuration endpoint is `https://example.okta.com/.well-known/openid-configuration`
 
 4. Select how you'd like to sync users from Okta.
 5. **Save**
 6. After saving, you will see a Base URL for SCIM sync, and a SCIM token. Copy these values for the next step.
 
 ### Step 3. Add the Smallstep App Integration and Configure User Sync in Okta
 
-* In the Okta admin console, add the Smallstep application
+1. In the Okta admin console, add the Smallstep application
   * Applications → Browse App Catalog
     * Search for `Smallstep`
     * Select the Smallstep app.
-* Click "Add"
+2. Click "Add"
 
       ![](/graphics/quickstart/okta-app-add.png)
 
-* Select "Do not display application icon to users"
-* Select "Do not display application icon in the Okta Mobile App"
-* De-select "Automatically log in when user lands on login page"
-* Click Next
+3. Select "Do not display application icon to users"
+4. Select "Do not display application icon in the Okta Mobile App"
+5. De-select "Automatically log in when user lands on login page"
+6. Choose Next
 
       ![](/graphics/quickstart/okta-app-signon.png)
 
-* Select "Administrator sets username, user sets password"
-* Application username format: "Okta username prefix"
-* Update application username on "Create and update"
-* Done
+7. Select "Administrator sets username, user sets password"
+8. Application username format: "Okta username prefix"
+9. Update application username on "Create and update"
+10. Done
 
 ### Configure Provisioning
-* Select the "Provisioning" tab
-* Click "Configure API Integration" and select the checkbox next to "**Enable API integration**"
 
-    ![](/graphics/quickstart/okta-enable-api.png "Enable API")
-
-* Paste your **Base URL** for SCIM sync and **API Token** (SCIM Token) into Okta Provisioning form.
-* In Okta, choose **Test API Credentials**. After successful verification, choose **Save**.
+Next, we'll turn on SCIM provisioning of users from Okta.
 
-  ![](/graphics/quickstart/okta-api-auth.png "API Auth")
+1. Select the "Provisioning" tab
+2. Click "Configure API Integration" and select the checkbox next to "**Enable API integration**"
 
-* Reload the provision tab
-* Under Provisioning → Settings → To App, choose **Edit** and enable
-  * Create Users
-  * Update User Attributes
-  * Deactivate Users
-* Save.
-
-  ![](/graphics/quickstart/okta-enable-sync.png "enable and save")
+    ![](/graphics/quickstart/okta-enable-api.png "Enable API")
 
-* Assignments
-  * Select the **Assignments** tab → Click **Assign**  → **Assign to Groups**
-  * Search by group → Assign any groups that will use Smallstep
-  * Group names that contain a `/` are not supported
-* Push Groups
-  * Select the **Push Groups** tab → **Push Groups** → **Find Groups By Name**
-  * Search for the same groups that will use Smallstep
-  * Save.
-  * Repeat for each desired group.
+3. Paste your **Base URL** for SCIM sync and **API Token** (SCIM Token) into Okta Provisioning form.
+4. In Okta, choose **Test API Credentials**. After successful verification, choose **Save**.
+
+   ![](/graphics/quickstart/okta-api-auth.png "API Auth")
+
+5. Reload the provision tab
+6. Under Provisioning → Settings → To App, choose **Edit** and enable the following:
+   * Create Users
+   * Update User Attributes
+   * Deactivate Users
+7. Save.
+8. Configure Assignments:
+   * Select the **Assignments** tab → Click **Assign**  → **Assign to Groups**
+   * Search by group → Assign any groups that will use Smallstep
+   * Group names that contain a `/` are not supported
+9. Configure Push Groups:
+   * Select the **Push Groups** tab → **Push Groups** → **Find Groups By Name**
+   * Search for the same groups that will use Smallstep
+   * Save.
+   * Repeat for each desired group.
 
 ## Confirmation
 
 Back in Smallstep, go to [Users](https://smallstep.com/app/?next=/users).
 You should see your Okta users here.
-Users will sync continuously.
 
 When users are deactivated in Okta, they will be deactivated in Smallstep.
 Their devices will remain in Smallstep.
