Sign in to your Okta org with your administrator account.
Once logged in, click the Admin button in the top right corner.
Select the Applications-> Applications tab in the left panel.
Enable SCIM in Auzmor Learn
Auzmor Learn: Login as Primary Admin -> Settings -> Single Sign-on -> Configure OKTA -> Set/Update the SSO metadata XML -> Select the SCIM tab -> Enable SCIM and click the CTA Generate Key -> Click Update and save the changes.
Okta provides two types of App flows to use SCIM provisioning
a) AIW apps - SCIM provisioning for an external / external existing app.
b) OIN integration Apps - SCIM as a standalone app.
You can enable SCIM in either one of these two ways.
Click Create App Integration and Select SAML 2.0
Follow the steps in the Okta SSO configuration help article to set up the SSO.
Note: We can also set up SCIM provisioning steps as below for existing SSO-configured apps. or create new ones, as outlined in steps a and b.
After successful SSO integration, click the General tab.
In the App Settings section, click Edit.
In the Provisioning field, select Enable SCIM Provisioning, and then click Save.
Add SCIM provision configs in Okta. Click the Provisioning tab. The SCIM connection settings appear under Settings -> Integration.
In Settings -> Integration, click Edit.
Specify the SCIM connector base URL with the Tenant URL from Auzmor Learn Single Sign On Scim settings
Specify the Unique Identifier field for users as userName
Specify the Supported provisioning actions by enabling the
Import New Users and Profile Updates
Push New Users
Push Profile Updates
Push Groups
Use the Authentication Mode dropdown menu and choose the HTTP HEADER
Under Authorization fill with Secret Key from Auzmor Learn Single Sign On Scim settings
Click Test connector configuration and ensure the connection is accomplished successfully.
Click Save
Select Applications -> Applications.
Click Browse App Catalog.
Search for “SCIM 2.0 Test App (OAuth Bearer Token)” and select it.
Click Add Integration
On the General Settings page, set the name of your app and click Next.
f) Under Sign-On options , Select the SAML 2.0
g) Fill Delay Relay state with RelayState/Start URL from Auzmor -> Settings -> Single Sign On -> Okta
h) Under attributes -> Attributes Statements, add FirstName and LastName
i) Under Advanced Sign-on Settings, Enter the ACS URL and Audience URI with ACS URL and Entity ID values from Auzmor -> Settings -> Single Sign On -> Okta
j) Set the Application username format as Okta username
k) Click Done
l) Under SignOn -> Settings -> SAML 2.0 -> MetaData details -> MetaData URL -> Copy and paste the link in the new tab -> copy the data and create a new text file and save it with a .xml extension. This file has to be uploaded in Auzmor Learn under Auzmor -> Settings -> Single Sign On -> Okta -> Upload Metadata XML
m) Click the Provisioning tab, then in the main panel click Configure API Integration. Select the Enable API Integration checkbox. Enter the SCIM 2.0 Base URL with the Tenant URL from Auzmor Learn Single Sign On SCIM Settings . Configure the Oauth Bearer Token with the Secret Key from Auzmor Learn Single Sign On SCIM Settings
n) Click Test API Credentials and ensure the connection is established successfully.
o) Click Save.
6. Configure the SCIM options for the created AIW / OIN APP integrations
7. On the Provisioning tab of your Okta integration page, Select To App and click Edit under the provisioning to App
8. Enable the Create Users, Update User Attributes, Deactivate users options and Click save
9. User Assignments for provisioning.
Under Assignments tab -> Select Assign -> Assign to people
A popup with the list of users in the Directory -> People appears.
Select the user you want to provision to Auzmor Learn and click assign.
A popup of user form will appear, Fill the necessary fields and click Save and Go back.
Note: For Manager value and Manager display name fields, add the manager ID and manager email address in the Auzmor Learn to provision.
On facing errors, you can use the Dashboard -> Tasks tabs to identify, correct and retrying the assignments.
10. Edit the assignments under Assignments -> select the edit icon alongside the assigned user -> Edit the form and save.
11. Or Edit the users globally under the Directory -> People -> User -> Profile tab -> Edit -> Save
12. Deprovision user from the application in any one of the following ways.
Under Assignments tab, click the cross icon to unassign the particular user from particular application
Note: Once the user is unassigned, the user will be soft deleted and in order to re-assign you need to again assign the user.
Make it globally through navigating to Directory -> People -> User -> More Actions -> Deactivate. You can also delete that particular user by filtering the deactivated user through the filters, select user and click Delete.
Note: If the user is deactivated and not deleted, and you are activating him, though you need to assign the users again to the respective apps to get into the provisioning flow.
Under the General tab -> App Settings -> Edit -> Deselect the Enable Scim Provisioning -> Save
You will be prompted with Remove provisioning pop up. Select Remove Provsioning
Under Provisioning tab -> Integration -> Edit -> Deselect the Enable API integration -> Save