Integrating Okta for Provisioning
    • PDF

    Integrating Okta for Provisioning

    • PDF

    Article Summary

    This guide provides the details about Britive application and Okta provisioning integration.

    Supported Features

    • Push New Users
      • New users created through Okta will also be created in Britive.
    • Push Groups
      • Groups created in Okta can be sent to Britive. They will be used to target more accurately your users.
    • Push Profile Updates
      • Updates made to the user's profile through Okta will be pushed to Britive.
    • Push User Deactivation
      • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Britive.
    • Reactivate Users
      • User accounts can be reactivated in the application.

    Requirements

    Ensure that you have the following before integrating Britive and Okta:

    • SCIM 2.0 Base URL
    • Bearer token

    Configuration Steps

    Configuring an Identity Provider on Britive

    An identity provider needs to be created in Britive for SSO. 

    1. Login to Britive application with administrator privileges.
    2. Click on Admin->Identity Management from the navigation menu.
    3. Click on the Identity Providers tab.
    4. Click on ADD IDENTITY PROVIDER button.
    5. Enter Name and Description.
    6. Select Identity Provider Type as SAML.
    7. Click Add. A configuration page is displayed.

    Configuring Provisioning on Britive

    1. Click on the Edit icon under SCIM Provider in the SCIM tab.
    2. Select Generic from the drop-down list for configuring an identity provider.
    3. Save the changes by clicking the icon next to the selection.
    4. Copy the SCIM URL and note it down. This URL is entered later to configure on the identity provider portal.
    5. Click on CREATE TOKEN.
    6. Enter the validity of the token and create a token. Copy this generated token and note it down. Click OK. This token is not displayed again. This token is entered later on the identity provider portal. 
    7. Click on RECREATE TOKEN button to generate a new token, if needed. 
    8. Click on EDIT TOKEN VALIDITY to update validity.
    9. Map the incoming attributes using the procedure explained in User mapping.
    10. Add SCIM token to tenant policy using the procedure listed in Adding SCIM Token to Tenant Policy section. Recreated token also needs to be added to the tenant SCIM policy.

    Adding SCIM Token to Tenant Policy

    1. Click on Admin->Role & Policy Management->Policies.
    2. Search and select TenantSCIMPolicy from the list of policies.
    3. Click on Manage policy for TenantSCIMPolicy.
    4. Click Edit.
    5. Enter the following on Edit Policy page:
      1. Click on Select API Tokens.
      2. Select the token created in earlier section. The name of the token is same as the name of the identity provider.
      3. Click Save.
    6. Select Enable policy for TenantSCIMPolicy, if not enabled already.

    User mapping

    After provisioning, by default, seven attributes from the identity provider are mapped to a Britive user.

    You can see the mapped attributes by checking the Mapped Attributes checkbox in the User Mapping section. Out of these attributes, Status, Email, First Name, Last Name, and Username are mandatory attributes. The identity provider must send these attributes for the user to get created in Britive.

    Additional attributes of the user from the identity provider can be configured in Britive. Follow these steps to map additional attributes:

    1. Select Admin->Identity Management from the navigation menu,
    2. Click on the Identity Attributes tab.
    3. Create a new attribute by clicking ADD IDENTITY ATTRIBUTE button.
    4. Enter the following values on Add Identity Attributes page:
      1. Enter the Name and description of the attribute.
      2. Select the type of attribute from the drop-down list.
      3. Check Multi valued for the attributes which can have multiple values. For example, user roles.
      4. Click ADD IDENTITY ATTRIBUTE. The created attribute is displayed in the list of identity attributes.
    5. Click the Identity Providers tab.
    6. Select the identity provider and click on the SCIM tab.
    7. Uncheck the Mapped Attributes checkbox to see the list of unmapped attributes.
    8. Click EDIT.
    9. Map the identity attribute with the incoming SCIM attribute.
    10. Click SAVE.

    Configuring Okta for Provisioning

    Follow the steps below for configuring SCIM provisioning between Okta and Britive:

    1. Login as Okta Administrator.
    2. Open the SAML application configured for Britive.
    3. Click on the General tab.
    4. Click on Edit for App Settings.
    5. Select SCIM under App Setting -> Provisioning. Click on Save.
    6. Click on the Provisioning tab.
    7. Click on Edit and enter the SCIM connector base URL copied in the previous section. 
    8. Enter userName as the Unique identifier field for users.
    9. Select Push New Users, Push Profile Updates and Push Groups under Supported provisioning actions.
    10. Select HTTP Header under Authentication Mode.
    11. Enter the API token generated in the previous section in the Token field. Click on Test Connector Configuration. If you get a success message save the configuration. If you get any error, check the token, URL, and test again.
    12. Click on Edit next to Provisioning to App.
    13. Enable Create Users, Update User Attributes and Deactivate Users. Save the settings.
    14. Update the attribute mappings as required and delete the attributes which are not mapped.
    15. Click on the tab Sign On and click Edit.
    16. Select Email for the Application username format and click Save.
    17. Click on the Assignments tab. Add users individually or through groups. This provisions the users to the Britive application. To provision groups and group memberships, use the Push Groups feature. The users and tags provisioned through Okta cannot be updated in Britive. All the updates must be done in Okta and pushed to Britive.

    Known Issues

    • Britive does not support modifying groups that are created in Okta and provisioned in Britive.
    • Britive does not support the linking of users between identity providers.

    Reach out to our team at support@britive.com if you encounter any issues.


    Was this article helpful?