# CREATE SECURITY INTEGRATION ## Syntax ```sql CREATE SECURITY INTEGRATION [IF NOT EXISTS] security_integration_name WITH (security_integration_parameter = value [, ... ]); ``` ### Description Security integrations allow [#organiation](https://docs.deltastream.io/overview/core-concepts/access-control#organiation "mention")s to configure authentication and authorization mechanisms. Only a [role](https://docs.deltastream.io/overview/core-concepts/access-control#_role) with [MANAGE\_MEMBERS](https://docs.deltastream.io/overview/core-concepts/access-control#_privilege) privilege can create a security integration. ### Arguments #### **security\_integration\_name** Specifies the name of the new security integration. If the name is case sensitive you must wrap it in double quotes; otherwise the system uses the lower case name. #### WITH (**security\_integration**\_parameter = value \[, …​ ]) This clause specifies [#security-integration-parameters](#security-integration-parameters "mention"). ### Security Integration Parameters | Parameter Name | Description | | -------------- | --------------------------------------------------------------------------------------------------------------------------------- | | `type` |

Type of security integration.

Required: Yes

Valid values: SCIM

| ### SCIM Specific Parameters | Parameter Name | Description | | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `scim.client` |

Type of SCIM client that will use the SCIM API.

Required: No

Valid values: OKTA

| | `scim.run_as_role` |

The role used to manage all users and custom roles for the SCIM integration.

Required: No

Valid values: okta\_skim\_provisioner for OKTA client.

Default: okta\_skim\_provisioner for OKTA client.

| ## Examples #### Create a OKTA SCIM security integration The following creates a new SCIM security integration with name `okta`: {% hint style="info" %} **Note** The role `okta_skim_provisioner` must exist with the `MANAGE_MEMBERS` privlege. {% endhint %} ```shell /# CREATE SECURITY INTEGRATION "okta" WITH ( 'type' = SCIM, 'scim.client' = OKTA, 'scim.run_as_role' = okta_skim_provisioner ); +----------------------+-------+----------+------------------------------------------+----------------------+-------------------+-------------------------------+ | Type | Name | Command | Summary | Token | Uri | Expires At | +======================+=======+==========+==========================================+======================+===================+===============================+ | security integration | okta | CREATE | security integration okta was | | | 2025-07-15 23:17:15 +0000 UTC | | | | | successfully created | | | | +----------------------+-------+----------+------------------------------------------+----------------------+-------------------+-------------------------------+ ``` You can use the `Uri` and `Token` from the response of this command to [configure an Okta App Integration](https://docs.deltastream.io/enterprise-security-integrations/okta-scim-integration).