<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
HubSpot Provisioning: Sync Okta Roles with HubSpot Permission Sets
Nov 18, 2025
Lifecycle Management
Okta Classic Engine
Okta Identity Engine
Overview

Okta can assign permissions to a user if their Role within the app assignment in Okta matches the exact name of the HubSpot permission set, including spaces and caps.

Applies To
  • Okta Provisioning
  • HubSpot
  • Syncing Roles
Solution

In most scenarios, user's roles are managed through group-based assignments, allowing Okta admins to set roles based on Okta groups rather than individual user profile attributes. This article will focus on the group-based assignments approach.

Below are the steps to follow.

 

Prerequisites


Step 1: Add a New Role Attribute to the HubSpot App Schema

  1. Navigate to Directory > Profile Editor.
  2. Search for the HubSpot app profile and select it.
  3. Click on Add Attributes and define a new role attribute with the following options:
    • Data type: string array
    • Display name: Roles
    • Variable name: roles
    • External name: roles (Please consult with the application's support to confirm what to fill in for External name)
    • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
    • Description: (optional)
    • Enum: (optional)
    • Attribute type: Group (Personal only if Permission Sets will not be configured by group app assignment)
    • Group Priority: Determines what to do if a user is a member of more than 1 group app assignment (see Assign attribute group priority)
    • Remember that each value to be assigned and provisioned must be an exact character match with the associated Permission Sets name (see HubSpot Knowledge page Create and edit permission sets). 
  4. Save the changes.

 

Step 2: Assign a Group to the HubSpot App

  1. Go to Applications > HubSpot > Assignments > Assign > Assign to Groups.
  2. Select the desired group by clicking Assign.
  3. Add the desired roles by clicking Add Another.
  4. Save the changes.
Edit Group Assigment

 

Step 3: Validate the Assignment

  1. Confirm that users who are part of the selected group have been successfully assigned to the HubSpot application.
  2. Verify that the role values were successfully pushed by checking the users' permission sets in HubSpot.

Recommended content

Still looking for help?
Loading
HubSpot Provisioning: Sync Okta Roles with HubSpot Permission Sets