How can we help?

Set up Guide: Okta SCIM

Emily B
Emily B
  • Updated

Step 1: Create Okta Application

Select "Browse App Catalog" in your Okta Applications page.

A screenshot showing where to find 'Browse App Catalog' button in the Okta dashboard.

Next, search for "SCIM 2.0 Test App (Oauth Bearer Token)" and select the corresponding result.

A screenshot showing search results for 'SCIM 2.0 Test App' in the Okta dashboard.

On the following page, click "Add Integration".

A screnshot showing where to click 'Add Integration' in the SCIM 2.0 Test App (OAuth Bearer Token) overview page in the Okta dashboard.

Give your application a descriptive name such as Ten Thousand Coffees and click Next.

A screenshot showing where to enter application name in the 'Application label' field in the Okta dashboard.

Many applications will work with the default configuration that is set on your new application. If you require any additional configuration for your directory such as configuring Attribute Statements, do so on the Sign-On Options page. Click "Done" to complete creating your application.

A screenshot highlingting 'Done' button in the application configuration page in the Okta dashboard.

Step 2: Configure Okta API Integration

Inside your Enterprise Okta Admin Panel, click on the "Provisioning" tab. Then, click "Configure API Integration".

A screenshot showing where to find the 'Provisioning' tab and 'Configure API Integration' button in the Okta dashboard.

Check "Enable API Integration".

A screenshot showing where to configure the provisioning credentials in the 'Provisioning' tab in the Okta dashboard.

Copy and paste the endpoint into the SCIM 2.0 Base Url field. This will be provided to you by Ten Thousand Coffees via a unique setup link.

Copy and paste the Bearer Token into the OAuth Bearer Token field. This will be provided to you by Ten Thousand Coffees via a unique setup link.

Click "Test API Credentials" and then click "Save".

Step 3: Configure Provisioning Actions

In the "To App" navigation section, click "Edit" and then check to enable the following actions:

  • Create Users

  • Update User Attributes

  • Deactivate Users

A screenshot showing where to enable 'Create Users', 'Update User Attributes', and 'Deactivate Users' actions in the 'To App' tab in the Okta dashboard.

Step 4: Add and map user profile attributes

Follow this guide from Okta on adding user profile attributes. And this guide to map user attributes.

None of the fields below are required except for First Name, Last Name, and Email Address. The remaining fields in the list are recommended, and we explain why below, along with data spec requirements. Have a conversation with your Customer Success Manager to confirm which fields you'd like to include.

Field name

Why we recommend

Data spec requirements

First Name*

 

* At minimum, we require these fields to invite members to your 10KC hub.

To rectify reporting issues if a member changes their email address.

 

Can be any alphabetic string.

Last Name*

last_name

Can be any alphabetic string.

Email Address*

email

Can be any alpha-numeric string.

Employee ID

employee_id

Can be any alpha-numeric string.

Program Eligibility

So we only invite eligible participants.

 

We can also potentially use one of the other fields in this list, such as “Business Unit”.

We expect the values “eligible” or “ineligible”

Status

To de-activate profiles for employees that are on leave.

We expect the values “active” or “inactive”. They are case-sensitive.

Job Function, Job Family, or Management Level

For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software.

 

 

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Hire Start Date

hire_start_date

 

Business Unit, Supervisor Organization, or Department

business_unit

 

Office Location

office_location

 

People Manager Status

people_manager_status

 

High Potential Status

high_potential_status

 

Diversity dimensions

 

 

(e.g. gender)

 

gender

 

First Level Supervisor

To provide reporting for 3-4 levels under the CEO

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Second Level Supervisor

 

 

Third Level Supervisor

 

 

Locale

To automatically localize 10KC in the user’s preference (if the preferred language is available)

We currently only support two values:

 

 

• “fr-CA” for French(Canada)

 

• “en-US” for English(US)

 

 

Note: any blank values will be set as “en-US”

Most Recent Role Start Date

To enable mobility analyses

We expect the format MM/DD/YYYY

Role Reason Change Code

role_reason_change_code

 

Step 5: Assign People & Groups to Okta Application

On the "Assignments" tab of your Okta Application click the "Assign" button and select "Assign to People".

A screenshot showing where to select 'Assign to People' in the 'Assignments' tab in the Okta dashboard.
A screenshot showing where to select 'Assign to People' in the 'Assignments' tab in the Okta dashboard.

Find the users that you wish to assign and click the "Assign" button next to them.

A screenshot showing where to select 'Assign' for specific users in the Okta dashboard.
A screenshot showing where to select 'Assign' for specific users in the Okta dashboard.

To complete assigning the users, click "Save and Go Back".

A screenshot showing where to select 'Save and Go Back' to complete user assignment in the Okta dashboard.
A screenshot showing where to select 'Save and Go Back' to complete user assignment in the Okta dashboard.

Step 6: Push Groups

On the "Push Groups" tab of your Okta Application click the "Push Groups" button and select "Find groups by name".

A screenshot showing where to select 'Find groups by name' in the 'Push Groups' tab in the Okta dashboard.
A screenshot showing where to select 'Find groups by name' in the 'Push Groups' tab in the Okta dashboard.

Search for the group that you wish to push, select it and click "Save" to push your group to Ten Thousand Coffees.

A screenshot showing where to search for groups to push in the 'Push Groups' tab in the Okta dashboard.
A screenshot showing where to search for groups to push in the 'Push Groups' tab in the Okta dashboard.

7: Test the SCIM Connection

Ten Thousand Coffees will share testing steps to you via email.




 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.