Okta User & Teams Management and FAQs – Spekit Help Center

Managing users and teams in Okta with Spekit? This guide walks you through creating groups in Okta, understanding how user syncing works, and answers to common questions about Okta user and team management in Spekit.

ℹ️ Prerequisite: Ensure your company has set up the connection with Okta and you are logged in. You must have Account Admin-level access to manage users in Okta.

📌 Quick-Jump Topics

How to Create a Group in Okta and Add People to It: Setting up groups and assigning members
Will My Users Sync to Spekit from My IdP: How the one-way sync works
Okta User Management FAQs: Common questions about managing users through Okta
Okta Teams FAQs: Common questions about managing teams through Okta

How to Create a Group in Okta and Add People to It

How do I create a Group in Okta?

In Okta, navigate to Directory → Groups.
Click to create a new Group for the people in your organization (e.g. Account Executives).

Creating a group in Okta

How do I add people to a Group in Okta?

In Okta, navigate to Directory → People.
Click on the person you want to add to a Group.

Selecting a person in Okta

Search for the name of the Group you want to add them to.
Click the Group name to add the person to it (e.g. Account Executives).

Adding a person to a group in Okta

The Group you added the person to will now appear under the Groups section of their profile.

Group appearing on user profile in Okta

Will My Users Sync to Spekit from My IdP?

How does user syncing work between Okta and Spekit?

✅ Yes. You can push users and groups via SCIM from your IdP to Spekit. Here's what to know:

Pushing users and groups from your IdP will automatically create a user and Team in Spekit.
The sync is a one-way sync — it only syncs from your IdP to Spekit.
Spekit does not support pushing users or teams from Spekit back to your IdP.

Okta User Management FAQs

Can a user that's synced from an IdP be deleted manually from within Spekit?

❌ No. Your IdP is the source of truth. Users synced from your IdP should be managed from within your IdP, not Spekit.

How do I know which users have SSO enabled?

An icon will indicate SSO-connected users on the Manage Users screen in Spekit.

Can new users be invited via Salesforce once an IdP is connected?

❌ No. This functionality is deactivated once an IdP is connected. However, users can still be invited directly through Spekit.

How do new users get added to Spekit once an IdP is integrated?

When an IdP is first integrated, all IdP users are imported into Spekit (a one-time manual sync is performed to remove any duplicates). Going forward:

New users added to the IdP will receive an email inviting them to Spekit.
New users can also be invited to Spekit outside of the IdP, but they will not be connected to the IdP.

ℹ️ Excel Import note: Once a user uploads the mapping file, users are locked and can only be edited based on changes made to the sheet. If you need to edit it again, contact support@spekit.co.

How do I change my role for my IdP?

An Account Admin can change roles from the Manage Teams page by selecting an individual user.

Okta Teams FAQs

What happens to my existing Spekit teams when SSO/SCIM is connected?

When SSO/SCIM is connected, the following happens:

IdP teams are imported into Spekit.
If an IdP team has the same name as an existing Spekit team, a duplicate will be created. A one-time manual migration will be performed to remove duplicates.
Renaming a team in your IdP will reflect in Spekit. Teams named All Spekit Users or Spekit Account Admins cannot be added.
Spekit teams will not be pushed to the IdP.

Can a user belong to more than one Okta group?

✅ Yes. However, their role in Spekit will be Viewer by default regardless of which groups they belong to.

If a new team is created in the IdP after the initial sync, will it be pushed to Spekit?

Not automatically. The Admin must manually push the new team via their IdP for it to be created in Spekit.

Will new teams created in Spekit be reflected in the IdP?

❌ No. Teams created in Spekit are not pushed to the IdP. The sync is one-way — from IdP to Spekit only.

We have multiple Spekit accounts. How will this work with SSO?

SSO/SCIM can only be connected to your production account. Sandbox or additional accounts are not supported for SSO/SCIM connection.

Can IdP-connected teams be edited in Spekit?

Partially. Teams synced from the IdP cannot be renamed or deleted in Spekit since the IdP is the source of truth. However, Admins can edit the team's description and team access settings within Spekit.

How will the Admin know which teams are connected to the IdP vs. only in Spekit?

An IdP icon will appear next to any IdP-connected teams wherever teams are shown in Spekit, including the Manage Teams page and team selection dropdowns.

Can Spekit users be added to teams that are managed by the IdP?

❌ No. To be added to an IdP-connected team, the user must be in the IdP and added through the IdP. These teams will still appear in the team selection dropdown in Spekit but will be disabled and display an IdP icon next to them.

How do you remove a team in Spekit?

Teams can only be removed via the Spekit app. Deleting a team via the IdP is not currently supported.

Can there be teams in Spekit that aren't in the IdP?

✅ Yes. Teams created directly in Spekit will not be transferred to or reflected in the IdP.

How long does it take to sync information from the IdP to Spekit?

Typically between 10–15 seconds for both the initial sync and any subsequent syncs.

How do we avoid duplicate accounts for users who have both Salesforce and Spekit accounts?

During the SSO/SCIM setup, Admins are required to download a user mapping Excel sheet, confirm that users are mapped correctly, and re-upload the file to complete the migration. This process ensures duplicates are identified and resolved before the connection is finalized.