Step 1: Create Okta Application
Select "Browse App Catalog" in your Okta Applications page.
Next, search for "SCIM 2.0 Test App (Oauth Bearer Token)" and select the corresponding result.
On the following page, click "Add Integration".
Give your application a descriptive name such as Ten Thousand Coffees and click Next.
Many applications will work with the default configuration that is set on your new application. If you require any additional configuration for your directory such as configuring Attribute Statements, do so on the Sign-On Options page. Click "Done" to complete creating your application.
Step 2: Configure Okta API Integration
Inside your Enterprise Okta Admin Panel, click on the "Provisioning" tab. Then, click "Configure API Integration".
Check "Enable API Integration".
Copy and paste the endpoint into the SCIM 2.0 Base Url field. This will be provided to you by Ten Thousand Coffees via a unique setup link.
Copy and paste the Bearer Token into the OAuth Bearer Token field. This will be provided to you by Ten Thousand Coffees via a unique setup link.
Click "Test API Credentials" and then click "Save".
Step 3: Configure Provisioning Actions
In the "To App" navigation section, click "Edit" and then check to enable the following actions:
- Create Users
- Update User Attributes
- Deactivate Users
Step 4: Add and map user profile attributes
Follow this guide from Okta on adding user profile attributes, and this guide to map user attributes.
None of the fields below are required except for First Name, Last Name, and Email Address. The remaining fields in the list are recommended, and we explain why below, along with data spec requirements. Have a conversation with your Customer Success Manager to confirm which fields you'd like to include.
Field name | Why we recommend | Data spec requirements |
First Name* | * At minimum, we require these fields to invite members to your 10KC hub. To rectify reporting issues if a member changes their email address. | Can be any alphabetic string. |
Last Name* | last_name | Can be any alphabetic string. |
Email Address* | | Can be any alpha-numeric string. |
Employee ID | employee_id | Can be any alpha-numeric string. |
Program Eligibility | So we only invite eligible participants. We can also potentially use one of the other fields in this list, such as “Business Unit”. | We expect the values “eligible” or “ineligible” |
Status | To de-activate profiles for employees that are on leave. | We expect the values “active” or “inactive”. They are case-sensitive. |
Job Function, Job Family, or Management Level | For creating relevant matches by keeping these attributes in sync with your HRIS or Identity Management Software. | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Hire Start Date | hire_start_date | |
Business Unit, Supervisor Organization, or Department | business_unit | |
Office Location | office_location | |
People Manager Status | people_manager_status | |
High Potential Status | high_potential_status | |
Diversity dimensions (e.g. gender) | gender | |
First Level Supervisor | To provide reporting for 3-4 levels under the CEO | Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Second Level Supervisor | | |
Third Level Supervisor | | |
Locale | To automatically localize 10KC in the user’s preference (if the preferred language is available) | We currently only support two values: “fr-CA” for French (Canada); “en-US” for English (US). Note: any blank values will be set as “en-US” |
Most Recent Role Start Date | To enable mobility analyses | We expect the format MM/DD/YYYY |
Role Reason Change Code | role_reason_change_code | |
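A pre-flight check for the data spec requirements in the table above, as an added example that is not Ten Thousand Coffees' or Okta's own code. It flags records that would break the stated constraints (required fields, case-sensitive Status, the two supported Locale values, MM/DD/YYYY dates) before they are assigned to the application. Apart from last_name, the key names are assumptions; substitute the attribute names from your own Okta profile mapping.

```python
import re
from datetime import datetime

# Key names are assumptions for this example; use your own Okta attribute names.
REQUIRED = ("first_name", "last_name", "email")
ALLOWED = {
    "status": {"active", "inactive"},                   # case-sensitive per the table
    "program_eligibility": {"eligible", "ineligible"},  # exact match assumed
    "locale": {"fr-CA", "en-US"},
}
DATE_FIELD = "most_recent_role_start_date"              # MM/DD/YYYY
DATE_RE = re.compile(r"\d{2}/\d{2}/\d{4}")

def is_mmddyyyy(value):
    """True only for a zero-padded, real calendar date in MM/DD/YYYY."""
    try:
        return bool(DATE_RE.fullmatch(value)) and bool(datetime.strptime(value, "%m/%d/%Y"))
    except ValueError:
        return False

def validate_profile(profile):
    """Return (normalized_profile, problems) for one user record."""
    out = {k: v.strip() if isinstance(v, str) else v for k, v in profile.items()}
    problems = [f"{f}: required" for f in REQUIRED if not out.get(f)]
    # The table says blank locale values are set to en-US; make that explicit.
    if not out.get("locale"):
        out["locale"] = "en-US"
    for field, allowed in ALLOWED.items():
        value = out.get(field)
        if value and value not in allowed:
            problems.append(f"{field}: {value!r} not in {sorted(allowed)}")
    date = out.get(DATE_FIELD)
    if date and not is_mmddyyyy(date):
        problems.append(f"{DATE_FIELD}: {date!r} is not MM/DD/YYYY")
    return out, problems

# Constructed sample records, not real data.
SAMPLE = [
    {"first_name": "Ana", "last_name": "Diaz", "email": "ana@example.com",
     "status": "active", "locale": "", "most_recent_role_start_date": "03/01/2023"},
    {"first_name": "Bo", "last_name": "", "email": "bo@example.com",
     "status": "Active", "locale": "fr-FR", "most_recent_role_start_date": "2023-03-01"},
]

if __name__ == "__main__":
    for record in SAMPLE:
        _, found = validate_profile(record)
        print(record["email"], found or "ok")
```

Optional fields are checked only when present, so a record with just the three required fields passes.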
Step 5: Assign People & Groups to Okta Application
On the "Assignments" tab of your Okta Application click the "Assign" button and select "Assign to People".
Find the users that you wish to assign and click the "Assign" button next to them.
To complete assigning the users, click "Save and Go Back".
Step 6: Push Groups
On the "Push Groups" tab of your Okta Application click the "Push Groups" button and select "Find groups by name".
Search for the group that you wish to push, select it and click "Save" to push your group to Ten Thousand Coffees.
Step 7: Test the SCIM Connection
Ten Thousand Coffees will share testing steps with you via email.