Configure SCIM provisioning with Okta

You can synchronize users and groups from Okta via SCIM 2.0.

The supported features include:

• Create users
• Update user attributes
• Delete users (when a user is unassigned from the app in Okta or their Okta account is deactivated)
• Import users (from the app to Okta)
• Import groups (from the app to Okta)
• Link groups (between Okta and the app)
• Group push (from Okta to the app)

Prerequisites

Before you begin, you have configured the SCIM integration in your 360Learning platform.

Step 1: Install and configure the 360Learning Okta app

Add an application representing the 360Learning platform in Okta, then configure an API integration for provisioning in your application.

Step 1.1: Install the 360Learning Okta app

1. Access the Okta admin console with your administrator account.
2. In the left menu, select Applications → Applications.
3. Click Browse App Catalog.
4. Search for “360Learning”, then click 360Learning in the search results.
5. Click Add integration.
6. In General settings, click Done to install the app.

Step 1.2: Configure an API integration for provisioning in the 360Learning Okta app

Once you have added an application representing your 360Learning platform in Okta, configure an API integration for provisioning in your application.

1. In the Provisioning tab of your application, click Configure API integration.
2. Select the Enable API check box, then configure the API integration:
   • In the SCIM 2.0 Base Url field, paste the Endpoint URL you retrieved when configuring the SCIM integration.
   • In the OAuth Bearer Token field, paste the authorization token you retrieved when configuring the SCIM integration.
3. Click Test API credentials to test the connection with the 360Learning platform.
4. Once your credentials are tested successfully, click Save.

In case of an error, verify your credentials and try again.

Step 1.3: Configure provisioning to the 360Learning Okta app

1. In the left menu of the Provisioning tab of your application, click Settings → To app.
2. Click Edit, then select the Enable check box for the following options:
   • Create Users
   • Update User Attributes
   • Deactivate Users
3. Click Save.

Now, when users are deactivated or reactivated in Okta and are assigned to the appropriate SCIM 2.0 application, you should see these updates in your 360Learning platform. For more information, see Okta documentation.

Step 2: Assign the application integration to users and groups

After you installed the 360Learning app in Okta, you need to assign the app to the relevant users and groups. Only these users and groups will be provisioned to the 360Learning platform.

1. In the left menu of the Okta Admin Console, select Applications → Applications.
2. Click the 360Learning app.
3. In the app settings, open the Assignments tab.
4. Click the Assign drop-down menu.
5. Choose either Assign to People or Assign to Groups.
   The dialog box that appears contains a list of the available users or groups who are not already assigned to the selected app integration.
6. Click Assign next to each user or group for which you want this app integration assigned.
7. Click Done.

The assigned Okta users are provisioned to the 360Learning platform. In 360Learning, they are pushed to the platform group.

Step 3: Set up field mappings

1. In the left menu of the Okta Admin Console, select Applications → Applications.
2. Click the 360Learning app.
3. Open the Provisioning tab of your app.
4. Click Settings → To app.
5. In the 360Learning Attribute Mappings section, click Go to Profile Editor.
6. In the Attributes section, click Mappings.
7. Click Okta User to 360Learning.

You can see the default attributes synced and configure mappings as needed.

Step 4: Push groups to the 360Learning platform

Group Push lets you perform the following operations:

• Pushing existing Okta groups and their memberships to the installed app in Okta
• Mapping Okta groups with existing 360Learning groups.

Create 360Learning groups based on the existing groups in Okta

Before you begin, the groups you want to push must have been assigned to the app in Okta.

1. In the left menu of the Okta Admin Console, select Applications → Applications.
2. Click the 360Learning app.
3. In the application settings, open the Push Groups tab.
4. Click the Push Groups drop-down menu and select one of the options:
   • Find groups by name: Select this option to locate groups by name.
   • Find groups by rule: Select this option to create a search rule that pushes groups that match the rule.
5. Search for the group, then select the desired group from the results.
6. Click Save.

The group with its users is created in 360Learning. By default, the created group is private.

Groups created from the SCIM integration are all created at the same level. Once groups are created with SCIM, the group hierarchy can be defined on the platform.

All new users imported from Okta will also be created in the platform group (where the SCIM integration has been activated).

Map existing 360Learning groups with Okta groups

You can map existing 360Learning groups with corresponding groups in Okta.

The Okta group and the 360Learning group must have the same name. Otherwise, Okta cannot map the groups.

Before you begin, the Okta groups you want to map must have been assigned to the 360Learning app in Okta.

1. In the left menu of the Okta Admin Console, select Applications → Applications.
2. Click the 360Learning app.
3. In the application settings, open the Push Groups tab.
4. Click Refresh App groups.
5. Click the Push Groups drop-down menu and select one of the options:
   • Find groups by name: Select this option to locate groups by name.
   • Find groups by rule: Select this option to create a search rule that pushes groups that match the rule.
6. Search for the group, then select the desired group from the results.
7. Click Save.

The group appears in the Push groups list.

The Okta group becomes the source of truth for the corresponding group in 360Learning. Now, when adding or removing users from the Okta group, changes are synced with the corresponding group in 360Learning.

All new users imported from Okta will also be created in the platform group (where the SCIM integration has been activated).

If the existing 360Learning group contains users that are not in the Okta directory, those users remain in the 360Learning group. You can remove them manually from the 360Learning platform

Configure 360Learning custom fields in Okta

You can create custom fields on the 360Learning platform. Since these are not included in the default mappings, you will have to link these fields manually.
Subsequent updates will be performed automatically.

Before you begin, create custom fields on the 360Learning platform.

1. In the left menu of the Okta Admin Console, select Applications → Applications.
2. Click the 360Learning app.
3. Open the Provisioning tab.
4. Click Settings → To app.
5. In the 360Learning Attribute Mappings section, click Go to Profile Editor.
6. In the Attributes section, click Add attribute.
7. Enter the required information in the form:
   • Data type
   • Display name: Label that will appear in the Okta UI
   • Variable name: Name of the attribute that can be referenced in mappings
   • External name: Name of the custom field name in 360Learning
   • External namespace: urn:ietf:params:scim:schemas:extension:360learning:2.0:User