Configure SCIM on Okta
As an application from the OIN (Okta Integration Network), Advanced Server Access has the capability to sync your Users and Groups from the Okta Universal Directory, making it easier for managers to specify people, memberships, and roles across the services.
To do so, configure the API integration with the following steps:
Go to the Advanced Server Access Application in the Okta Admin Dashboard and select the Provisioning tab.
- Click the Configure API Integration button.
Next, check the Enable API Integration checkbox, and then click the Authenticate with Okta Advanced Server Access button.
Next, grant permissions to Okta and create a Service User after being redirected to the Advanced Server Access platform. You can learn more about Service Users here. Choose a username and click Approve.
Once you're redirected to Okta, choose the integrations that you want to enable with Advanced Server Access. You have the option to Create Users, Update User Attributes, and Deactivate Users. Select all and click Save.
Your Okta Users are now directly provisioned to Advanced Server Access, and any changes will be automatically reflected. Next, you can configure Group Sync to provision roles and memberships as well.
Configure Group Sync to provision Roles and Membership
Create some Users and Groups in Okta and assign the Groups to the Advanced Server Access application.
Note: Any users and groups created in Okta before configuring SCIM (System for Cross-domain Identity Management) must be removed and then re-added in order to be managed automatically.
Select the Push Groups tab in the Advanced Server Access Application in Okta Admin. Here, you can add any of your Groups to automatically sync with the downstream Advanced Server Access application.
- Select the Push Groups button and select Find groups by name.
- Find one of your groups and check the Push group membership immediately checkbox. Repeat this process for every Group you want to sync and then click Save.
Once activated, the sync takes place immediately, and the value in the Push Status column for your group changes to Active when it completes.