As a best practice, Britive suggests granting access to Britive profiles via groups. For more information, see Group Sync with SCIM.
Configuring an Identity Provider on Britive
An identity provider needs to be created in Britive for SSO.
Log in to the Britive application with administrator privileges.
Click on Admin->Identity Management from the navigation menu.
Click on the Identity Providers tab.
Click on the Add Identity Provider button.
Enter name and description.
Select Identity Provider Type as SAML.
Click Add. A configuration page is displayed.
Configuring Provisioning on Britive
Copy the SCIM URL and note it down. This URL is entered later to configure on the identity provider portal.
Click on the Edit button under Additional Settings in the SCIM tab.
Select the Allow tag name and description to be editable option to allow editing of tags for externally managed tags.
Click on the Edit icon under SCIM Provider in the SCIM tab.
Select Generic from the drop-down list for configuring an identity provider.
Save the changes by clicking the icon next to the selection.
Click on Create Token.
Enter the validity of the token and create a token. Copy this generated token and note it down. Click OK. This token is not displayed again. This token is entered later on the identity provider portal.
Click on the Recreate token button to generate a new token, if needed.
Click on Edit token validity to update the validity.
Map the incoming attributes using the procedure explained in User mapping.
User mapping
After provisioning, by default, seven attributes from the identity provider are mapped to a Britive user.
You can see the mapped attributes by checking the Mapped Attributes checkbox in the User Mapping section. Out of these attributes, Status, Email, First Name, Last Name, and Username are mandatory attributes. The identity provider must send these attributes for the user to be created in Britive.
Additional user attributes from the identity provider can be configured in Britive. Follow these steps to map additional attributes:
Select Admin->Identity Management from the navigation menu.
Click on the Identity Attributes tab.
Create a new attribute by clicking the Add Identity Attribute button.
Enter the following values on the Add Identity Attribute page:
Enter the name and description of the attribute.
Select the type of attribute from the drop-down list.
Check Multi valued field for attributes that can have multiple values. For example, user roles.
Click Add. The created attribute is displayed in the list of identity attributes.
Click the Identity Providers tab.
Select the identity provider and click on the SCIM tab.
Uncheck the Mapped Attributes checkbox to see the list of unmapped attributes.
Click Edit.
Map the identity attribute with the incoming SCIM attribute.
To add custom attributes, please select the identity attribute and type the name of the custom attribute as defined in the IDP.
Click Save.
Configuring Provisioning on Duo
Log in to the Duo Admin Portal.
From the portal menu, navigate to Applications and search for the Britive application that has already been created, or create a new one based on the steps outlined earlier.
Configure SCIM provisioning:
Navigate to the Provisioning tab.
Select the authentication mode as Bearer Token.
Enter the following values:
Enter the Britive SCIM URL into the Base URL field.
Enter the SCIM token generated from Britive into the Token field.
Click on Connect to application to test the connection. If the connection is successful, save the configuration. If not, review the settings and try again.
Make sure the User access option is configured on the Single Sign-on tab. For more information, see User access to applications.
For more information about provisioning on Duo, see Automated Provisioning.