You can now manage SendSafely admin access the same way you manage users, roles, and lifecycle events through Okta. By defining a user profile extension, SendSafely can automatically grant or revoke Admin privileges based on a new "isAdmin" attribute sent through SCIM.
When enabled:
- SendSafely will sync a user’s Admin status based on the isAdmin property submitted via SCIM
  - isAdmin = True -> user is admin in SendSafely
  - isAdmin = False -> user is NOT an admin in SendSafely
  - isAdmin null or missing -> ignored, SendSafely leaves Admin status as current setting for user
- Users with login type 'SAML' in SendSafely have their Admin rights granted and revoked via SCIM only; the option to toggle Admin rights in the Enterprise Console is disabled. Users with a login type that is not SAML (i.e. user name + password break glass accounts) are still managed in the SendSafely Enterprise Console.
- An email notification is sent to all Admins in the portal whenever a user's Admin rights are changed.
This feature must be turned on for your organization by the SendSafely support team. A SendSafely portal admin should submit a secure message to support@sendsafely.com to request that this functionality be enabled.
Below are the steps to add isAdmin to the Okta SendSafely App User Profile. These steps assume that the Okta SendSafely app, with SCIM user provisioning, is already configured in Okta and that the support team has enabled this feature.
1. In Okta, as an Admin, navigate to Directory > Profile Editor > Users tab > Apps. Click on the SendSafely app
2. On the next screen - click on the “Add Attribute” button to open the add attribute form
3. Complete the form with the following information and click SAVE ATTRIBUTE
   - Data type: Boolean
   - Display name: SendSafely Portal Admin
   - Variable name: sendsafely_isAdmin
   - External name: isAdmin
   - External namespace: urn:ietf:scim:schemas:extension:SendSafely:2.0:User
   - Description: “Grants user Admin rights in the SendSafely application”
   - Enum: N/A
   - Attribute required: Recommended value is “Yes” (Undefined values are ignored by SendSafely, i.e. the user retains their prior Admin Status - true or false)
   - Attribute type: Personal
   - Mutability: READ_WRITE
Note: Display name, Variable name and Description are not used by SendSafely and can be customized.
4. Once configured, Admins will be able to assign SendSafely Admin rights to users from the SendSafely Application > User profile in Okta. Navigate to Applications in the left-hand menu, then the Assignments tab. Next, click either the blue "Assign" button (new SendSafely user) or the edit pencil to update an existing user.
Once on the user's app profile, you will be able to set the SendSafely Portal Admin status.
Appendix - Response format:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": X,
  "itemsPerPage": 5,
  "startIndex": 1,
  "Resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:scim:schemas:extension:sendsafely:2.0:User"
      ],
      "id": "jane.example@sendsafely.com",
      "userName": "jane.example@sendsafely.com",
      "name": {
        "formatted": "Example Jane",
        "familyName": "Example",
        "givenName": "Jane"
      },
      "active": true,
      "userLastLoggedInTimeStamp": "Dec 9, 2025 6:40:12 PM",
      "urn:ietf:scim:schemas:extension:sendsafely:2.0:User": {
        "isAdmin": true
      }
    },
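The following is an added example, not SendSafely or Okta code: a Python check that reads a response in the format above, applies the three isAdmin states described earlier (true, false, null or missing), and compares the result with an approved admin list. The function names, the approved list, and the sample users other than jane.example are constructed for illustration.

```python
import json

# Extension URN as shown in the appendix response. The Okta form on this page
# spells it "SendSafely", so keys are compared case-insensitively here.
EXT_URN = "urn:ietf:scim:schemas:extension:sendsafely:2.0:User"

# Constructed sample in the appendix's ListResponse shape (not real data).
SAMPLE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 3, "itemsPerPage": 5, "startIndex": 1,
    "Resources": [
        {"userName": "jane.example@sendsafely.com", "active": True,
         EXT_URN: {"isAdmin": True}},
        {"userName": "sam.example@sendsafely.com", "active": True,
         EXT_URN: {"isAdmin": False}},
        {"userName": "lee.example@sendsafely.com", "active": True},
    ],
})


def scim_is_admin(resource):
    """Return True, False, or None (null/missing: Admin status left as is)."""
    for key, value in resource.items():
        if key.lower() == EXT_URN.lower() and isinstance(value, dict):
            flag = value.get("isAdmin")
            return flag if isinstance(flag, bool) else None
    return None


def audit_admins(list_response_json, approved_admins):
    """Compare the Admin flags in a ListResponse with an approved admin list."""
    approved = {u.lower() for u in approved_admins}
    report = {"unexpected_admin": [], "missing_admin": [], "unset": []}
    for res in json.loads(list_response_json).get("Resources", []):
        user = res.get("userName", "").lower()
        state = scim_is_admin(res)
        if state is None:
            report["unset"].append(user)  # no SCIM change will be applied
        elif state and user not in approved:
            report["unexpected_admin"].append(user)
        elif not state and user in approved:
            report["missing_admin"].append(user)
    return report


if __name__ == "__main__":
    print(audit_admins(SAMPLE, ["sam.example@sendsafely.com"]))
```

Users reported under `unset` are the ones whose Admin status SCIM will not touch, which is why the form above recommends marking the attribute as required.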