Configure SCIM provisioning with Okta

  • Updated

Who can use this feature?

You can synchronize users and groups from Okta via SCIM 2.0.

Prerequisites

Before you begin, you have configured the SCIM integration in your 360Learning platform.

Step 1: Create and configure an application in Okta

Add an application representing the 360Learning platform in Okta, then configure an API integration for provisioning in your application.

Step 1.1: Create an application in Okta

Create an application representing the 360Learning platform in Okta.

  1. Access the Okta admin console with your administrator account.
  2. In the left menu, select ApplicationsApplications.
  3. Click Browse App Catalog.
  4. Search for "SCIM 2.0 Test App" and select SCIM 2.0 Test App (OAuth Bearer Token).
  5. On the SCIM 2.0 Test App (OAuth Bearer Token) dialog, click Add Integration.
  6. In General Settings, enter a name for your application in the Application label field, then click Next.

Step 1.2: Enable the SCIM integration in Okta

Once you have added an application representing your 360Learning platform in Okta, configure an API integration for provisioning in your application.

  1. In the Provisioning tab of your application, click Configure API integration.
  2. Select the Enable API check box, then configure the API integration:
  3. Click Test API credentials to test the connection with the 360Learning platform.
  4. Once your credentials are tested successfully, click Save.

In case of an error, verify your credentials and try again.

Step 1.3: Configure the SCIM integration in Okta

  1. Open the Provisioning tab of your application.
  2. In the left menu, click Settings.
  3. Click Edit, then select the Enable check box for the following options:
    • Create Users
    • Update User Attributes
    • Deactivate Users
  4. Click Save.

Now, when users are deactivated or reactivated in Okta and are assigned to the appropriate SCIM 2.0 application, you should see these updates in your 360Learning platform. For more information, see Okta documentation.

Step 2: Assign the application integration to users and groups

After you create the application in Okta, you need to assign the application to the relevant users and groups. Only these users and groups will be provisioned to the 360Learning platform.

  1. In the left menu of Okta Admin Console, select ApplicationsApplications.
  2. Search for or scroll down to the app integration that you want to assign to one or more users or groups.
  3. Click the SCIM 2.0 Test App (OAuth Bearer Token) application that you previously created.
  4. In the application settings, open the Assignments tab.
  5. Click the Assign drop-down menu.
  6. Choose either Assign to People or Assign to Groups.
    The dialog box that appears contains a list of the available users or groups who are not already assigned to the selected app integration.
  7. Click Assign next to each user or group for which you want this app integration assigned.
  8. Click Done.

The assigned Okta users are provisioned to the 360Learning platform. In 360Learning, they are pushed to the platform group.

Step 3: Push groups to the 360Learning platform

Group Push lets you push existing Okta groups and their memberships to the created application in Okta.

Before you begin, the groups you want to push must have been assigned to the application in Okta.

  1. In the left menu of Okta Admin Console, select ApplicationsApplications.
  2. Search for or scroll down to the app integration that you assigned to the groups you want to push.
  3. Click the SCIM 2.0 Test App (OAuth Bearer Token) application that you previously created.
  4. In the application settings, open the Push Groups tab.
  5. Click the Push Groups drop-down menu and select one of the options:
    • Find groups by name: Select this option to locate groups by name.
    • Find groups by rule: Select this option to create a search rule that pushes groups that match the rule.
  6. Search for the group, then select the desired group from the results.
  7. Click Save.

The group with its users is created in 360Learning. By default, the created group is private.

Groups created from the SCIM integration are all created at the same level. Once groups are created with SCIM, the group hierarchy can be defined on the platform.

All new users imported from Okta will also be created in the platform group (where the SCIM integration has been activated).

Set up Okta mapping

Once you have your 360Learning SCIM integration set in Okta, you can map Okta attributes to 360Learning attributes to make Okta the single source of truth for user data on your 360Learning platform.

For more information about configuring attribute mappings in Okta, see the following articles in Okta documentation:

Okta user profile 360Learning app Attribute Format External Namespace
Email email String urn:ietf:params:scim:schemas:core:2.0:User
(user.email != null && user.email != '') ? 'work' : '' emailType String urn:ietf:params:scim:schemas:core:2.0:User
First Name givenName String urn:ietf:params:scim:schemas:core:2.0:User
Last Name familyName String urn:ietf:params:scim:schemas:core:2.0:User
Phone primaryPhone String urn:ietf:params:scim:schemas:core:2.0:User
(user.primaryPhone != null && user.primaryPhone != '') ? 'work' : '' primaryPhoneType String urn:ietf:params:scim:schemas:core:2.0:User
Title title String urn:ietf:params:scim:schemas:core:2.0:User
Language preferredLanguage String urn:ietf:params:scim:schemas:core:2.0:User
Organization organization String urn:ietf:params:scim:schemas:extension:entreprise:2.0:User
Manager manager String urn:ietf:params:scim:schemas:extension:entreprise:2.0:User
Standard mapping schema in Okta

Configure 360Learning custom fields in Okta

You can create custom fields on the 360Learning platform. Since these are not included in the default mappings, you will have to link these fields manually.
Subsequent updates will be performed automatically.

Before you begin, create custom fields on the 360Learning platform.

  1. In the left menu of Okta Admin Console, select ApplicationsApplications.
  2. Search for or scroll down to the app integration.
  3. Click the SCIM 2.0 Test App (OAuth Bearer Token) application that you previously created for the 360Learning platform.
  4. In the Provisioning tab of your application, scroll down and click Go to Profile Editor.
  5. Click Add attribute.
  6. Enter the required information in the form:
    • Data type
    • Display name: Label that will appear in the Okta UI
    • Variable name: Name of the attribute that can be referenced in mappings
    • External name: Name of the custom field name in 360Learning
    • External namespace: urn:ietf:params:scim:schemas:extension:360learning:2.0:User
Check out our blog for more L&D resources.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request