> ## Documentation Index > Fetch the complete documentation index at: https://docs.truu.ai/llms.txt > Use this file to discover all available pages before exploring further. # 3. Create the SAML app This app exists only to enable SCIM provisioning and push Groups. ### 3.1 Create the SAML app integration 1. In the Okta Admin Console, navigate to the "Applications" tab 2. Click **Create App Integration** 3. Select **SAML 2.** 4. Name it *TOTAL (Provisioning)* * Okta requires SAML values to create the app. Use these placeholders: * Single sign on URL: [https://total.invalid/saml/acs](https://total.invalid/saml/acs) * Recipient URL: [https://total.invalid/saml/acs](https://total.invalid/saml/acs) * Destination URL: [https://total.invalid/saml/acs](https://total.invalid/saml/acs) * Audience Restriction: [https://total.invalid/saml/metadata](https://total.invalid/saml/metadata) 5. **Save** the application ### 3.2 Enable SCIM on the SAML app and connect to TOTAL 1. Open the **TOTAL (Provisioning) app** 2. Go to the **Provisioning** tab 3. Click **Configure API Integration** 4. **Enable** API Integration 5. Enter the following: * **Base URL**: TOTAL SCIM Base URL * **API Token**: TOTAL SCIM Secret Token 6. Click **Test API Credentials** 7. Click **Save** ### 3.3 Turn on provisioning actions 1. Navigate to the Provisioning tab and select your app 2. Click **Edit**, select enable for the following: 1. Create Users 2. Update User Attributes 3. Deactivate Users 3. Click **Save** ### 3.4 Push groups Inside the TOTAL (Provisioning) app: 1. Go to **Push Groups** 2. Push the following groups: * TOTAL-Admin (required) * Any additional TOTAL groups you use 3. For each group, select **Create Group** and keep **Push group memberships immediately** enabled ### 3.5 Assign groups to the provisioning app Inside the TOTAL (Provisioning) app: 1. Go to **Assignments** 2. Assign the TOTAL-Admin group (and any other TOTAL groups) 3. To verify provisioning activity: * In the Okta Admin Console, navigate to the "Reports" tab, then click "System Log" * Filter by the *TOTAL (Provisioning)* app * Confirm provisioning events are present * **NOTE**: Only users assigned to the provisioning app (directly or via assigned groups) will be created, updated, or deactivated in TOTAL.