Connect allows you to create, remove, and manage your users through OKTA. Make sure that you have completed the previous steps outlined in the SSO and Directory Service - Start Here! document beforehand.
NOTE: A Connect or Connect with Insights Subscription is required
NOTE: Provisioning requires the Lifecycle Management (LCM) add-on to be present in your OKTA subscription
NOTE: These instructions presuppose that you have the following groups set up in OKTA for the Connect application. If you do not, please prepare these first:
- A group containing all Connect Users
- Specific Team or Project Groups
Set Up Provisioning in OKTA
- Log in to OKTA Admin
- Navigate to Applications>Applications
- Select "Browse App Catalog"
- Search and select "SCIM 2.0 Test App (OAuth Bearer Token)"
- Click "Add Integration"
- Set the Application Label to "Connect Provisioning" and select Done
- Once created, navigate to "Provisioning" at the top
- Click "Configure API Integration"
- Check the box labeled "Enable API Integration"
- In a separate tab or window, navigate to connect.extensis.com
- In Administration>Directory Service select the "Provisioning Configuration" Tab
- Return to the provisioning page in OKTA and copy the Tenant URL from Connect into the SCIM 2.0 Base Url field and the Secret Token into the OAuth Bearer Token field
- Select "Test API Credentials"
- If the test is successful, save the configuration
- This will open the "To App" Settings Tab; click Edit
- Enable the following:
  - Create User
  - Update User Attributes
  - Deactivate Users
- Under "Connect Provisioning Attribute Mappings" remove everything except:
  - user.firstName
  - user.lastName
  - user.email
  - (user.email != null && user.email != '') ? 'work' : ''
- Save these changes
- Navigate to the "Assignments" tab
- Select "Add user/group"
- Click on Assign>Assign to Groups
- Select the group you built containing all your Connect Users (see Note at the top)
- Click "Save and Go Back"
- Navigate to the "Push Groups" Tab
- Select +Push Groups>Find groups by name and search for your group(s) containing your specific teams or projects (see Note at the top). You can either click "Save" or "Save & Add Another"
- While the group is being pushed out to Connect you will see a "Pushing" status next to the group, then an "Active" status once the push has succeeded.