OKTA SCIM Configuration

Roles: Primary Admins

Below are the steps you need to follow: 

  1. Sign in to your Okta org with your administrator account.

  2. Once logged in, click the Admin button in the top right corner.

  3. Select the Applications -> Applications tab in the left panel.

  4. Enable SCIM in Auzmor Learn.

Auzmor Learn: Log in as Primary Admin -> Settings -> Single Sign-on -> Configure OKTA -> Set/Update the SSO metadata XML -> Select the SCIM tab -> Enable SCIM and click the Generate Key button -> Click Update and save the changes.

  5. Okta provides two types of app flows for SCIM provisioning:

    a) AIW apps - SCIM provisioning for an external / external existing app.

    b) OIN integration apps - SCIM as a standalone app.

You can enable SCIM in either one of these two ways.

  • Enable SCIM Provisioning steps in OKTA AIW apps.


  a) Click Create App Integration and select SAML 2.0.

  b) Follow the steps in the Okta SSO configuration help article to set up the SSO.

Note: You can set up SCIM provisioning with the steps below either for existing SSO-configured apps or for new ones created as outlined in steps a and b.

  c) After successful SSO integration, click the General tab.

  d) In the App Settings section, click Edit.

  e) In the Provisioning field, select Enable SCIM Provisioning, and then click Save.

  f) Add the SCIM provisioning configuration in Okta. Click the Provisioning tab. The SCIM connection settings appear under Settings -> Integration.

  g) In Settings -> Integration, click Edit.

  h) Set the SCIM connector base URL to the Tenant URL from the Auzmor Learn Single Sign-On SCIM settings.

  i) Set the Unique identifier field for users to userName.

  j) Under Supported provisioning actions, enable:

    • Import New Users and Profile Updates

    • Push New Users

    • Push Profile Updates

    • Push Groups

  k) In the Authentication Mode dropdown menu, choose HTTP Header.

  l) Under Authorization, enter the Secret Key from the Auzmor Learn Single Sign-On SCIM settings.

  m) Click Test Connector Configuration and confirm that the connection succeeds.

  n) Click Save.


  • Enable SCIM Provisioning steps in OKTA OIN apps.

a) Select Applications -> Applications.

b) Click Browse App Catalog.

c) Search for “SCIM 2.0 Test App (OAuth Bearer Token)” and select it.

d) Click Add Integration.

e) On the General Settings page, set the name of your app and click Next.


f) Under Sign-On Options, select SAML 2.0.

g) Fill Default Relay State with the RelayState/Start URL from Auzmor -> Settings -> Single Sign On -> Okta.

h) Under Attributes -> Attribute Statements, add FirstName and LastName.

i) Under Advanced Sign-on Settings, fill the ACS URL and Audience URI fields with the ACS URL and Entity ID values from Auzmor -> Settings -> Single Sign On -> Okta.

j) Set the Application username format to Okta username.

k) Click Done.




l) Under Sign On -> Settings -> SAML 2.0 -> Metadata details -> Metadata URL, copy the link and open it in a new tab. Copy the data into a new text file and save it with a .xml extension. Upload this file in Auzmor Learn under Auzmor -> Settings -> Single Sign On -> Okta -> Upload Metadata XML.

m) Click the Provisioning tab, then in the main panel click Configure API Integration. Select the Enable API Integration checkbox. Set the SCIM 2.0 Base URL to the Tenant URL from the Auzmor Learn Single Sign-On SCIM settings. Set the OAuth Bearer Token to the Secret Key from the Auzmor Learn Single Sign-On SCIM settings.

n) Click Test API Credentials and confirm that the connection is established successfully.

o) Click Save.


6. Configure the SCIM options for the created AIW / OIN app integrations.

7. On the Provisioning tab of your Okta integration page, select To App and click Edit under Provisioning to App.

8. Enable the Create Users, Update User Attributes and Deactivate Users options and click Save.



9. User Assignments for provisioning.


  1. Under the Assignments tab, select Assign -> Assign to People.

  2. A popup appears with the list of users from Directory -> People.

  3. Select the user you want to provision to Auzmor Learn and click Assign.

  4. A user form popup appears. Fill in the necessary fields and click Save and Go Back.

Note: For the Manager value and Manager display name fields, add the manager ID and manager email address in the Auzmor Learn to provision.

  5. If you encounter errors, use the Dashboard -> Tasks tab to identify and correct them and retry the assignments.


10. Edit the assignments under Assignments -> select the edit icon alongside the assigned user -> edit the form and save.

11. Or edit the users globally under Directory -> People -> User -> Profile tab -> Edit -> Save.



12. Deprovision user from the application in any one of the following ways.


  1. Under the Assignments tab, click the cross icon to unassign the particular user from the particular application.

Note: Once the user is unassigned, the user is soft deleted. To provision the user again, you need to assign the user again.

  2. Deprovision globally by navigating to Directory -> People -> User -> More Actions -> Deactivate. You can also delete that user: filter for deactivated users, select the user and click Delete.

Note: If the user was deactivated but not deleted and you activate the user again, you still need to assign the user to the respective apps again to bring the user back into the provisioning flow.
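
Both deprovisioning paths above depend on Okta successfully pushing the deactivation to Auzmor Learn. The following Python check is an added example (not part of the original article, nor Okta or Auzmor code) that reconciles the app's Assignments list against the accounts the SCIM side reports. It assumes the Tenant URL serves a standard SCIM 2.0 ListResponse at /Users and reports soft-deleted users with active set to false; the function name and all sample data are constructed.

```python
import json

LIST_RESPONSE_URN = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample: body of GET <Tenant URL>/Users (assumed standard SCIM 2.0).
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_RESPONSE_URN],
    "totalResults": 4,
    "Resources": [
        {"id": "u1", "userName": "alice@example.com", "active": True},
        {"id": "u2", "userName": "bob@example.com", "active": True},
        {"id": "u3", "userName": "carol@example.com", "active": False},
        {"id": "u4", "userName": "Dave@Example.com", "active": True},
    ],
})

# Constructed sample: userNames shown on the Okta app's Assignments tab.
OKTA_ASSIGNED = ["alice@example.com", "carol@example.com",
                 "dave@example.com", "erin@example.com"]


def reconcile(list_response_json, okta_assigned):
    """Compare SCIM-side accounts with Okta assignments, keyed on userName."""
    body = json.loads(list_response_json)
    if LIST_RESPONSE_URN not in body.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    resources = body.get("Resources", [])
    # A partial page would hide accounts and make the audit look clean.
    if body.get("totalResults", len(resources)) > len(resources):
        raise ValueError("paginated response: fetch all pages first")
    # userName is the unique identifier configured in Okta; SCIM defines it
    # as case-insensitive, so compare case-folded values.
    assigned = {name.casefold() for name in okta_assigned}
    active, inactive = set(), set()
    for user in resources:
        name = user["userName"].casefold()
        # A missing 'active' attribute is treated as active (the safer reading).
        (active if user.get("active", True) else inactive).add(name)
    return {
        # Still active in the app, no longer assigned in Okta: deactivation
        # was never pushed or failed.
        "orphaned": sorted(active - assigned),
        # Assigned in Okta but unknown to the app: the create push failed.
        "not_provisioned": sorted(assigned - active - inactive),
        # Assigned in Okta but still soft deleted in the app.
        "assigned_but_inactive": sorted(assigned & inactive),
    }
```

Any entry under "orphaned" is an account that should be deactivated in Auzmor Learn; the other two lists correspond to failed pushes that appear under Dashboard -> Tasks in Okta.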




  • Disable SCIM Provisioning steps in OKTA AIW apps.

  1. Under the General tab -> App Settings -> Edit -> deselect Enable SCIM Provisioning -> Save.

  2. You will be prompted with the Remove provisioning popup. Select Remove Provisioning.

  • Disable SCIM Provisioning steps in OKTA OIN apps.

Under the Provisioning tab -> Integration -> Edit -> deselect Enable API Integration -> Save.

