SCIM: User provisioning with Okta
SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning. It makes it easy to add, update or remove users across different applications simultaneously. The solution is built using the SCIM 2.0 specification.
In order to set up user provisioning with Okta, it has to be configured both in Scoro and Okta.
Note! Read more about OKTA and SCIM from here.
Setting up SCIM
Scoro SCIM setup
- SCIM settings can be found under Settings → Integrations → SCIM
- Admin users can set the default values for new users created via SCIM:
- Default entity (only available in case of multiple entities)
- Default user type
- Email notification with account data
- In order to enable the SCIM API, you must generate an OAuth bearer token
- After SCIM is enabled, the API credentials allow you to set up SCIM from Okta side
Okta App Integration
- In order to use Okta User Provisioning, you first need to configure Single Sign-On in the app.
- Check the manual for connecting Scoro and SSO.
- Check the manual for Okta SCIM from here.
- Once the SSO integration has been created, SCIM provisioning can be configured.
Add OKTA SCIM Provisioning
- After your integration is created, open the General tab.
- Choose Edit.
- Under Provisioning choose Enable SCIM provisioning.
- Save the settings.
Configure provisioning options
- In the integration Settings page, choose Provisioning.
- The SCIM connection settings are under Settings > Integration.
- Click Edit.
- Specify the SCIM connector base URL, which can be found under Scoro SCIM settings.
- Add userName as the unique identifier field for your users on your SCIM server.
- Choose the following provisioning actions under Supported provisioning actions:
- Import New Users and Profile Updates. This option populates the Settings > To Okta page. You can specify how Okta imports new users and user profile updates. For more details on importing people, see Import users.
- Push New Users. This option populates the Settings > To App page. It also contains the settings for all user information that flows from Okta into your SCIM app.
- Push Profile Updates. This option populates the Settings > To App page. It also contains the settings for all profile information that flows from Okta into your SCIM app. See about profile push.
- Groups are not supported by Scoro SCIM.
- Choose HTTP Header as Authentication Mode.
- Add Bearer token as Authorization. You can find the token under Scoro SCIM settings.
- Select Test Connector Configuration to ensure that the credentials are correct.
- Save the settings.
Mapping user attributes
After you have successfully saved the credentials, you will need to configure the To App and To Okta sections
- Open To App to choose which user-related actions can be performed.
- All options apart from Sync password are supported and can be enabled.
- Users can configure attribute mappings under My new applications - Attribute Mappings.
- Keep only the fields that can be synced with Scoro SCIM:
- Other listed attributes can be unmapped from the Profile Editor and then deleted from the mapping view because these values can’t be synced with Scoro SCIM .
- The complete list of mapped values
- Open To Okta to import existing users from Scoro, if necessary.
- Activate the application.
- You have completed the configuration and can start assigning people to Scoro under Assignments.
- User provisioning between Scoro and Okta is now configured.
Was this article helpful?
Thank you for your feedback!