SCIM Okta Configuration
This guide provides step-by-step instructions for integrating Okta with SCIM to provision users and groups in the IOMETE Account Console. Follow the steps below to seamlessly configure Okta for SCIM with IOMETE.
Okta SCIM Configuration Steps
1. Enable SCIM Provisioning
- In
General
tab of theSAML client you created for IOMETE
, editApp Setting
. - Select option
SCIM
forProvisioning
. - Click
Save
button to enable SCIM Provisioning
![Enable SCIM | IOMETE](/resources/assets/images/enable-scim-okta-2929af7986cdb42c60255e77c1770493.png)
![Enable SCIM | IOMETE](/resources/assets/images/enable-scim-okta-2929af7986cdb42c60255e77c1770493.png)
Once saved, a tab labeled Provisioning
will appear.
![Enabled SCIM | IOMETE](/resources/assets/images/enabled-scim-okta-568322946fd61a70cc941235b784ab2b.png)
![Enabled SCIM | IOMETE](/resources/assets/images/enabled-scim-okta-568322946fd61a70cc941235b784ab2b.png)
2. Configure SCIM Provisioning
- Go to
Provisioning
tab, and clickEdit
button - Ensure all relevant information is entered into the input fields.
- Follow the steps here for a detailed guide on the required inputs and configurations for setting up SCIM.
- Click the
Test Connector Configuration
button to verify if the configuration is valid. - Close this window and proceed to the next section.
![Configure SCIM | IOMETE](/resources/assets/images/configure-scim-okta-56a453dde9cd2a8af78ebd05599ae434.png)
![Configure SCIM | IOMETE](/resources/assets/images/configure-scim-okta-56a453dde9cd2a8af78ebd05599ae434.png)
![Test connector configuration result | IOMETE](/resources/assets/images/test-connector-configuration-result-okta-88b3f3a6484d2b733788de634346fd02.png)
![Test connector configuration result | IOMETE](/resources/assets/images/test-connector-configuration-result-okta-88b3f3a6484d2b733788de634346fd02.png)
If everything is configured correctly, the window shown in the image on the right will appear.
Once everything is set up, check the Enable
checkboxes based on the actions you want to provision, as illustrated in the picture below.
![Enable provisioning to app from okta | IOMETE](/resources/assets/images/enable-provisioning-to-app-from-okta-3e9cd4a18745097300d8fb6fb1d182b7.png)
![Enable provisioning to app from okta | IOMETE](/resources/assets/images/enable-provisioning-to-app-from-okta-3e9cd4a18745097300d8fb6fb1d182b7.png)
3. Provision Users
- Navigate to the
Assignments
tab and assign the desired users or groups to theSAML client you created for IOMETE
.
![Provision users | IOMETE](/resources/assets/images/provision-users-okta-d8a5eeabb8193517b603c929c0e516f1.png)
![Provision users | IOMETE](/resources/assets/images/provision-users-okta-d8a5eeabb8193517b603c929c0e516f1.png)
Once this is done, the assigned users or members of the assigned groups will be provisioned from Okta to IOMETE with an IDP
origin
![Provisioned users from Okta | IOMETE](/resources/assets/images/provisioned-users-okta-e1967ca0d0a947ab554be103e0706b94.png)
![Provisioned users from Okta | IOMETE](/resources/assets/images/provisioned-users-okta-dark-27f5fc6a3c88b76c3cca777193d98c97.png)
4. Provision Groups
- Navigate to the
Push Groups
tab. - Click
+ Push Groups ▼
button, and select group or groups to provision. - Push status
Active
means that group has been provisioned to IOMETE.
![Provision groups | IOMETE](/resources/assets/images/provision-groups-okta-3706b32e44462454ebdf4674477e47f4.png)
![Provision groups | IOMETE](/resources/assets/images/provision-groups-okta-3706b32e44462454ebdf4674477e47f4.png)
Once this is done, the pushed group or groups will be provisioned from Okta to IOMETE with an IDP
origin.
Picture below shows groups in IOMETE console Groups
page.
![Provisioned group from Okta | IOMETE](/resources/assets/images/provisioned-group-okta-2d62cfde0c52dc4c15be8588067edbe9.png)
![Provisioned group from Okta | IOMETE](/resources/assets/images/provisioned-group-okta-dark-65a5c18158fe7c50885ab0cc00ba92c5.png)
If you navigate to the group's information page, you will see IDP
mappings between Okta users and groups,
as members are provisioned along with the group.
![Group detailed page | IOMETE](/resources/assets/images/group-detailed-page-okta-2311726c959c75b3a7365ebc0378a6bd.png)
![Group detailed page | IOMETE](/resources/assets/images/group-detailed-page-okta-dark-98455b46c79680f46c3aa39267294323.png)
As user-group mappings are provisioned, the user's information page is updated accordingly. The pictures below illustrate the before and after versions of the user's information page following group provisioning in IOMETE.
![User page before group provisioning | IOMETE](/resources/assets/images/user-detailed-page-before-group-provisioning-okta-12aeb0ab1c97e695ef4a39620ebc92f8.png)
![User page before group provisioning | IOMETE](/resources/assets/images/user-detailed-page-before-group-provisioning-okta-dark-e9cf79f1204aad42f1ea936e5ebf12a9.png)
![User page after group provisioning | IOMETE](/resources/assets/images/user-detailed-page-after-group-provisioning-okta-a6b3a7105c743bc5505c162067f24566.png)
![User page after group provisioning | IOMETE](/resources/assets/images/user-detailed-page-after-group-provisioning-okta-dark-4885b4a4358528e1f26222b954758d37.png)
Add user to a group in Okta
- Navigate to group's information page in Okta
- Click
Assign People
button - Add a user to this group by clicking
+
button
![Add a user to a group in Okta | IOMETE](/resources/assets/images/add-user-to-group-okta-f9eaff53f2cd890aa3da99383cc67eaa.png)
![Add a user to a group in Okta | IOMETE](/resources/assets/images/add-user-to-group-okta-f9eaff53f2cd890aa3da99383cc67eaa.png)
Once this process is complete, the group members in IOMETE will be updated after a short interval.
![Added user to a group in Okta provisioned to IOMETE | IOMETE](/resources/assets/images/added-user-to-group-okta-f230a291b6cbf63edd54e98d5a173527.png)
![Added user to a group in Okta provisioned to IOMETE | IOMETE](/resources/assets/images/added-user-to-group-okta-dark-e096148d68b6075f73d48bf07d7f61c8.png)
When members of the provisioned group are assigned to the SAML client you created for IOMETE
,
a new user will be created in IOMETE if that user does not already exist.
![New member of group is created in IOMETE | IOMETE](/resources/assets/images/created-member-okta-e68926ca5561756883c9e82ad12a2335.png)
![New member of group is created in IOMETE | IOMETE](/resources/assets/images/created-member-okta-dark-5c6d5a574ab65e92dd86dbb9ca8ad9b7.png)
Remove user from a group in Okta
- Navigate to group's information page in Okta
- Remove any user grom this group by clicking
x
button
![Remove a user from a group in Okta | IOMETE](/resources/assets/images/remove-user-from-group-okta-db3f6636090b17946cc6302c006123bf.png)
![Remove a user from a group in Okta | IOMETE](/resources/assets/images/remove-user-from-group-okta-db3f6636090b17946cc6302c006123bf.png)
Once this process is complete, the group members in IOMETE will be updated after a short interval.
![Remove user from a group in Okta provisioned to IOMETE | IOMETE](/resources/assets/images/removed-user-from-group-okta-4758d7b6d086685b30cec9b8ecf87f0f.png)
![Remove user from a group in Okta provisioned to IOMETE | IOMETE](/resources/assets/images/removed-user-from-group-okta-dark-4aea89d5ef9898d1ff58dc88d5b4422d.png)
When members are removed from the provisioned group assigned to the SAML client you created for IOMETE
,
the corresponding user will be deleted in IOMETE if they are no longer part of any provisioned group.
![Removed member of group is deleted in IOMETE | IOMETE](/resources/assets/images/removed-member-okta-f34c05663e381c4d824ffba05223868f.png)
![Removed member of group is deleted in IOMETE | IOMETE](/resources/assets/images/removed-member-okta-dark-aeb99544daad10da1dda7674dd140029.png)