User Provisioning with Okta (SCIM)

Note, you must be the Okta admin user and a Simpplr Application manager to complete these steps. We strongly recommend working with your IT team to get the integration setup, as some unique Okta setups can cause issues with the integration if not enabled properly. 

We'll need to access our Simpplr app first as the Application manager. 

1. In Simpplr, from your user profile image, click Manage > Application > Integrations > People Data.
2. Select Okta > Provisioning.
3. Click Save. After clicking Save, Simpplr provides you with a token. This token is only visible once. If the page is refreshed or exited, this token will not be displayed again. If a new token is required, uncheck the provisioning checkbox, select it again and click Save. This will create a new token and invalidate the old ones. Copy the token and paste it somewhere you have access to for later on. We'll need it in a later step in the Okta application.
   
   
   

Now we're ready to open Okta. You will need administrator access to complete the next steps. Note, if you're already using Okta for SSO, you can select the same application. If only using Okta for SCIM provisioning, follow the steps below to create a new application.

1. In the left hand navigation, click Applications > Applications. Now either select an existing application (if Simpplr has already been added) or create one.
2. To create a new application:
   1. In the Applications page, click on Browse App Catalog.
      
      
       
   2. Search for SCIM. Choose SCIM 2.0 Test App (OAuth Bearer Token) . Click Add Integration.
   3. Fill in the Application label field with "Simpplr SCIM 2.0 OAuth". Then click Next.
      
   4. From the Provisioning tab, click Configure API Integration.
      
   5. Input the data you pulled from your Simpplr application into the fields here. This includes your Okta link and generated token.
   6. Click Save.
      
   7. Go to To App. From this screen, click Edit to begin enabling your provisioning settings. Check the box next to each option to choose whether or not you want to create users, sync users (update user attributes), or deactivate users.
      
3. Scroll down and click Go to Profile Editor to remove all attributes other than first name, last name, and email.
   
   
   
    
4. Here we will map the previously created role field to the application. To do this, click Add Attribute.
   
    
5. Fill the form with the following values and click Save:
   • Data type: String
   • Display name: Role
   • Visible name: role
   • External name : roles.^[primary==true].value
   • External namespace : urn:ietf:params:scim:schemas:core:2.0:User
   • Description: Simpplr application user roles (Preferred)
   • Select the checkbox for Define enumerated list of values in the Enum section.
   • In Attribute members, enter the following:
     • Display name: End User, Value: End User
     • Display name: Application Manager, Value: Application Manager
   • Attribute Required: Yes
   • Attribute Type: Group
     

Now we need to add a mobile number field in Okta. Once again, click on Add attribute.

1. Fill the form with the following:
   • Data type: String
   • Display name: mobile
   • visible name: mobile
   • External name: phoneNumbers.^[type==mobile].value
   • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
   • Description: Mobile number of the user (Preferred)
2. Click on Save.
3. Click on Mappings.
4. Go to the second tab, i.e. Okta user to <your application name>.
5. Find mobile in right column and select user.mobilePhone in the left column.
   
    
6. Click Save mappings and Apply update now.

To assign or to provision using SCIM, from the Okta home page, go to Applications > Applications in the left sidebar.

1. Click on Assignments.
   
    
2. Click the Assign button.
3. Select Assign to People.
4. Select the person and click Assign, then Save. Then head back and click Done.
   
    
5. Refresh the page. If there is no red symbol on the user you have assigned, it means the provisioning is successful.
6. You can click on View logs in the application home page to see the failure log if the assignment fails.
   
    

To disconnect Okta SCIM, follow these steps:

1. 1. Go to Simpplr as the Application manager. Click on Manage > Applications > Integrations > People data.
   2. Uncheck the Provisioning box in Okta.
   3. Click Save.
      
   4. Head back to Okta as the Okta admin user.
   5. Go to Applications > Applications from the left sidebar and then click the Provisioning tab.
   6. From the Provisioning tab, in Integration, uncheck the Enable API Integration box and click Save.