Integrating Okta for Provisioning

Prev Next

This guide provides the details about the Britive application and Okta provisioning integration.

Supported Features

  • Push New Users
    • New users created through Okta will also be created in Britive.
  • Push Groups
    • Groups created in Okta can be sent to Britive. They will be used to target more accurately your users.
  • Push Profile Updates
    • Updates made to the user's profile through Okta will be pushed to Britive.
  • Push User Deactivation
    • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Britive.
  • Reactivate Users
    • User accounts can be reactivated in the application.

Requirements

Ensure that you have the following before integrating Britive and Okta:

  • SCIM 2.0 Base URL
  • Bearer token

Configuration Steps

Configuring an Identity Provider on Britive

An identity provider needs to be created in Britive for SSO.

  1. Log in to the Britive application with administrator privileges.

  2. Click on Admin->Identity Management from the navigation menu.

  3. Click on the Identity Providers tab.

  4. Click on the Add Identity Provider button.

  5. Enter name and description.

  6. Select Identity Provider Type as SAML.

  7. Click Add. A configuration page is displayed.

Configuring Provisioning on Britive

  1. Click on the Edit icon under SCIM Provider in the SCIM tab.

  2. Select Generic from the drop-down list for configuring an identity provider.

  3. Save the changes by clicking the icon next to the selection.

  4. Copy the SCIM URL and note it down. This URL is entered later to configure on the identity provider portal.

  5. Click on Create Token.

  6. Enter the validity of the token and create a token. Copy this generated token and note it down. Click OK. This token is not displayed again. This token is entered later on the identity provider portal. 

  7. Click on the Recreate token button to generate a new token, if needed. 

  8. Click on Edit token validity to update the validity.

  9. Map the incoming attributes using the procedure explained in User mapping.

User mapping

After provisioning, by default, seven attributes from the identity provider are mapped to a Britive user.

You can see the mapped attributes by checking the Mapped Attributes checkbox in the User Mapping section. Out of these attributes, Status, Email, First Name, Last Name, and Username are mandatory attributes. The identity provider must send these attributes for the user to be created in Britive.

Additional user attributes from the identity provider can be configured in Britive. Follow these steps to map additional attributes:

  1. Select Admin->Identity Management from the navigation menu,

  2. Click on the Identity Attributes tab.

  3. Create a new attribute by clicking the Add Identity Attribute button.

  4. Enter the following values on the Add Identity Attribute page:

    1. Enter the name and description of the attribute.

    2. Select the type of attribute from the drop-down list.

    3. Check Multi valued field for attributes that can have multiple values. For example, user roles.

    4. Click Add. The created attribute is displayed in the list of identity attributes.

  5. Click the Identity Providers tab.

  6. Select the identity provider and click on the SCIM tab.

  7. Uncheck the Mapped Attributes checkbox to see the list of unmapped attributes.

  8. Click Edit.

  9. Map the identity attribute with the incoming SCIM attribute.

  10. Click Save.

Configuring Okta for Provisioning

As a best practice, Britive suggests granting access to Britive profiles via groups. For more information, see Group Sync with SCIM.

Follow the steps below for configuring SCIM provisioning between Okta and Britive:

  1. Log in as an Okta Administrator.
  2. Add Britive App in Okta:
    1. Navigate to Applications.
    2. Click Browse App Catalog and search for “Britive”.

    3. Add the Britive app and assign it.

  3. Enable SCIM Provisioning:
    1. Click on the Provisioning settings tab.
    2. Click on Edit next to Provisioning to App and enable the following fields: Create Users, Update User Attributes, Deactivate Users. Save the settings.
      1. SCIM provisioning
      2. Create Users
      3. Update User Attributes
      4. Deactivate Users
      5. Push groups (if group membership sync is needed)
    3. Configure SCIM connection:
      1. Copy the Britive SCIM URL into the Base URL field.
      2. Enter the SCIM token generated from Britive into the Secret Token field.
      3. Select Bearer Token as the authentication type. These values are generated in the Creating an Identity Provider on Britive step. 
  4. Test the integration:
    1. Click Test Connection in Okta.
    2. Click Save.
  5. Click on the Assignments tab. Add users individually or through groups. This provision allows users to access the Britive application.
  6. Push Groups: To provision groups and group memberships in Britive, use the Push Groups feature. The users and tags provisioned through Okta cannot be updated in Britive. All the updates must be done in Okta and pushed to Britive. As per the Okta limitation, you should not use the same groups under Assignments and Push Groups.
    1. Go to Push Groups -> Assign Groups.
    2. Choose the groups you want to sync with Britive.
    3. Optionally, you can link the existing Britive groups.
  7. Update the attribute mappings, as required, and delete the attributes that are not mapped.
  8. Click on the Sign On tab and click Edit.
  9. Select Email for the Application username format and click Save.

Known Issues

  • Britive does not support modifying groups that are created in Okta and provisioned in Britive.
  • Britive does not support linking users between identity providers.

Reach out to our team at support@britive.com if you encounter any issues.