SCIM Configuration with Okta

Updated 6 months ago by Andrew White

Before you can configure provisioning for atSpoke, make sure you have configured SAML in atSpoke (Settings > Integrations > SSO > SAML). SAML and SCIM are only available on atSpoke’s Plus plan.

The following provisioning features are supported:

  • Push new users
    • New users created through Okta will also be created in atSpoke
  • Import new users
    • New users created atSpoke application can be imported into Okta.
  • Map specific attributes
    • Attributes that live at the user level can be mapped from Okta to atSpoke
  • Push profile updates
    • Updates made to the user’s profile through Okta will be pushed to atSpoke
    • Both invited and active users can be updated
  • Push user deactivation
    • Deactivating the user in Okta will deactivate the user in atSpoke
      • Note: for this application, deactivating a user means removing the user’s account
      • Both invited and active users can be deactivated

atSpoke API token

To turn on SCIM, log into atSpoke. You will need to be an atSpoke admin to make these changes.

  1. Navigate to Settings
  2. Click the Integrations tab
  3. Scroll to the SCIM card and click Connect

Confirm you'd like to Enable SCIM to reveal the API token.

Copy the API token to the clipboard. You will need to paste this into Okta.

Okta configuration

Log into Okta, and navigate to "Applications" to search your active applications for "atSpoke"

  1. Click the "Provisioning" tab
  2. select "API Integration" from the left menu.
  3. Click "Configure API integration"
  4. Click the "Enable API Integration" checkbox
  5. Paste the API Token copied in Section 1 into this field
  6. Click Save

Provisioning features

Click the "To App" tab on the left menu. Select the provisioning features you wish to enable, and select Save.

  • Create Users: Enable this if you would like to create or link a user when assigning the app to a user in Okta
  • Update User Attributes: Enable this if you would like Okta to update user profiles in atSpoke. If this is enabled, Okta will overwrite user details in atSpoke.
  • Deactivate Users: Enable this if you would like a user's atSpoke account to be deactivated when it is unassigned in Okta, or when their Okta account is deactivated.

SCIM can be used to update the following attributes
  • Display name
  • Job title
  • Email
  • Joined teams
  • Manager name
  • Manager email
  • Employee Type
  • Location
  • Department
  • Start Date

Assigning the app

Select the "Assignments" menu on the right side.

Make sure to assign the app to yourself first.

From the Assignments menu, select "Assign" then choose "Assign to People" or "Assign to Group"

Choose the people or groups you'd like to assign by selecting the "Assign" button on the right side.

Select "Save and Go Back"

Confirm

Navigate back to atSpoke and check the user's profile to make sure that the user you assigned was updated. You will see the user you just added to Okta created as a user in atSpoke.

You can also navigate to the Integrations tab and click the SCIM Card. If SCIM is connected properly, you will just see the option to disable SCIM.

Mapping user attributes

To configure and map specific attributes from Okta to atSpoke

  1. Navigate to Users
  2. Select Profile Editor
  3. Click Mappings next to Applications


How did we do?


Powered by HelpDocs (opens in a new tab)