How to Configure Ramp Role Assignments in the Okta App User Profile to Sync with Ramp Roles via SCIM Integration
Apr 21, 2026
Okta Classic Engine
Okta Identity Engine
Okta Integration Network
Overview
This article explains how to set up a roles attribute on the Ramp user profile in Okta that syncs to Ramp user roles via SCIM integration.
Applies To
- Ramp
- Provisioning
Solution
- Navigate to Profile Editor under Directory in the Okta sidebar menu.
- Search the Ramp application user profile.
- Click Add Attribute to create a new attribute for role assignments.
Configure the following settings:
- Enter the display name and variable name.
- Set the External name to
roles.^[type=='rampUserRole'].value. - Set the External namespace to
urn:ietf:params:scim:schemas:core:2.0:User. - Add a description.
In the Attribute enum section, configure the following roles:
| Display name | Value |
| Owner | BUSINESS_OWNER |
| Admin | BUSINESS_ADMIN |
| Cardholder | BUSINESS_USER |
| Bookkeeper | BUSINESS_BOOKKEEPER |
| Guest | GUEST_USER |
| IT Admin | IT_ADMIN |
The role attribute can remain optional. If no role value is specified, Ramp will either:
-
- Keep the user's existing role (for updates to existing users).
- Default to creating the user as a
BUSINESS_USER(for new users).
To assign roles to users, navigate to the Mappings section of the application. Rules can be created here to automatically assign roles based on:
- Group membership
- Other profile attributes
- Any combination of conditions supported by Okta's expression language
Once configured, users provisioned to Ramp will receive their designated roles based on the mapping rules.
NOTE:
- Cardholder includes both users and managers. Manager users should be assigned the
BUSINESS_USERrole. - The
GUEST_USERrole can only be assigned during initial user creation. Consider using group-based assignments to ensure users who need the Guest role receive it during their initial provisioning.
