Okta

This is a comprehensive step-by-step guide to setting up SCIM with Okta.

1. Enable SCIM

  1. Open the application that is configured for SAML in the Okta admin dashboard and click Edit.
  2. Toggle on SCIM, and save.

2. Add the SCIM Connector to Okta Settings

  1. In the Provisioning tab, enter https://api.alloy.co/scim/v2 as the SCIM connector base URL and email in the “Unique identifier field for users”. Enable the actions you want under “Supported provisioning actions”.
    (Please note:💡 The “SCIM connector base URL” might differ for different environments.)
  2. Add the authentication. We currently support only “Basic Auth”. Please refer to https://developer.alloy.com/public/docs/authentication-guide

    1. For Basic Auth, use the workflow_token as the username and the workflow_secret as the password.

  3. Click “Test Connector Configuration”. You should see the “Connector configured successfully” message.
  4. Save the integration changes.
  5. Enable “Create Users”, “Update User Attributes” and “Deactivate Users” in the “To App” tab. Based on the use case, customers can choose to enable or disable them.
    (Please note:💡 The “To App” tab will only show after saving the integration settings.)
  6. Remove unneeded Attribute Mappings in “To App”. We only need “username”, “Given name”, “Family name”, “Email”, “Display name”, and “Primary phone”. (“Primary phone” is optional.)
  7. In the To Okta tab, make sure Email Address is selected for the Okta username format.
  8. (Optional) Remove unneeded Attribute Mappings in the “To Okta” tab.

3. Assign the Okta user to the Alloy app.

  • Assign by individual. It will push individual users to Alloy.
  • Assign by group. It will push all the people in the group to Alloy.
  1. To remove the user

    1. For users assigned individually, click the ‘X’ button on the “People” tab.
    2. For users assigned by group, click the ‘X’ button on the “Groups” tab. It will remove all the users in the group from Alloy.

4. Push Okta Groups as Roles in Alloy

  1. Push groups to Alloy. A group is equivalent to a role in Alloy. Pushing a group assigns that role to the users who were pushed to Alloy.
  2. To remove the group (role), click “Unlink pushed group”. It will remove the group (role) from Alloy and set the Empty role for the users who are in the group (role).

5. Import Alloy Users and Groups to Okta (Optional)

  1. Make sure to select the User Creation & Matching rule that matches your use case in the “To Okta” tab under Provisioning.
  2. Click Import Now in the Import tab.
  3. If auto-confirm was not selected, it will show all the match results for manual user assignment. Confirm the user assignment.
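
To check the Basic Auth and attribute-mapping steps above, the following Python is an added example, not Alloy's or Okta's own code: it builds the Basic Auth header only for an https base URL and lists attributes in a SCIM User body that fall outside the six mappings the guide keeps. The pairing of Okta's mapping labels with SCIM core-schema paths is an assumption, and the sample body and credential strings are constructed placeholders.

```python
import base64
from urllib.parse import urlsplit

# SCIM core-schema paths (RFC 7643) for the six mappings the guide keeps.
# Pairing Okta's labels with these paths is an assumption of this example.
ALLOWED = {"userName", "name.givenName", "name.familyName",
           "emails", "displayName", "phoneNumbers"}
# Members SCIM itself needs; "active" carries the "Deactivate Users" action.
ENVELOPE = {"schemas", "id", "externalId", "meta", "active"}


def basic_auth_header(base_url, workflow_token, workflow_secret):
    """Build the Authorization header; refuse to do so for a non-TLS URL,
    because Basic auth only base64-encodes the credentials."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("SCIM connector base URL must use https")
    raw = f"{workflow_token}:{workflow_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def unexpected_attributes(user):
    """Return the sorted attribute paths in a SCIM User body that fall
    outside the guide's mapping (candidates for removal in "To App")."""
    extra = set()
    for key, value in user.items():
        if key in ENVELOPE:
            continue
        if key == "name" and isinstance(value, dict):
            extra.update(f"name.{sub}" for sub in value
                         if f"name.{sub}" not in ALLOWED)
        elif key not in ALLOWED:
            extra.add(key)
    return sorted(extra)


# Constructed sample of a provisioning request body, not captured traffic.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "jane.doe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe", "middleName": "Q"},
    "emails": [{"value": "jane.doe@example.com", "primary": True}],
    "displayName": "Jane Doe",
    "title": "Analyst",
    "active": True,
}

if __name__ == "__main__":
    print(unexpected_attributes(SAMPLE_USER))
```

Any path the check reports corresponds to a mapping that can be removed in the “To App” tab so that only the needed attributes leave Okta.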