SCIM Integration with OKTA (new)
Here is a quick demo of how it works with OKTA.
1. Create an integration
First of all, we need to create a single sign-on integration that supports the SCIM provisioning option. Once this integration is available, we can enable the SCIM option and configure settings specific to our SCIM application. So, using the OKTA Admin Console App Integration Wizard, create a new custom SSO integration. For the demo we used a new SAML-based web app.
In the Admin Console, go to Applications → Applications.
Click Create App Integration.
Select SAML 2.0 as the Sign-in method.
Click Next.
Specify the App name:
Then enter test data into the Single sign-on URL and Audience URI fields for SAML (it’s just for the demo) and click Next:
The last step of the SAML integration creation:
2. SCIM provisioning settings
2.1. Enable SCIM provisioning
After completing the creation of the integration in the previous step, do the following:
Click the General tab.
Click Edit.
In the Provisioning section of the General tab, select Enable SCIM provisioning and click Save.
2.2. Choose provisioning options
From the integration's settings page, choose the Provisioning tab. The SCIM connection settings appear under Settings → Integration:
Get the SCIM API URL and Bearer token from the Jira/Confluence/Bitbucket side, for example:
Then in the selected Provisioning tab, do the following:
Click Edit.
Specify the SCIM connector base URL and the field name of the unique identifier for users.
Under Supported provisioning actions, choose the provisioning actions.
Set the Authentication Mode to HTTP Header. To authenticate using HTTP Header, you need to provide a bearer token, which OKTA will use to authorize its requests against your SCIM app.
Click Save.
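Before saving the SCIM connector base URL and bearer token in OKTA, it can help to confirm that the pair works. The following is an added example, not part of the original guide or of either product: it builds a standard SCIM 2.0 list query (RFC 7644) with the token in the HTTP header and classifies the answer. It assumes the Jira/Confluence/Bitbucket side exposes a SCIM 2.0 endpoint; the host name, path and token shown are constructed placeholders.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"  # RFC 7644

def build_probe(base_url, token):
    """Build GET {base}/Users?startIndex=1&count=1 with the bearer header."""
    parts = urlsplit(base_url)
    # The token travels in a request header, so refuse anything but HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM base URL must be an absolute https:// URL")
    # Copy/paste often drags in a newline or space that breaks the header.
    if not token or any(c.isspace() for c in token):
        raise ValueError("bearer token is empty or contains whitespace")
    url = base_url.rstrip("/") + "/Users?startIndex=1&count=1"
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/scim+json",
    })

def classify(status, body):
    """Turn the endpoint's status code and body into a short verdict."""
    if status in (401, 403):
        return "token rejected"
    if status != 200:
        return f"unexpected status {status}"
    try:
        doc = json.loads(body)
    except ValueError:  # e.g. an HTML login page instead of SCIM JSON
        return "not JSON (wrong base URL?)"
    if not isinstance(doc, dict) or LIST_RESPONSE not in doc.get("schemas", []):
        return "not a SCIM ListResponse (wrong base URL?)"
    return "ok"

def probe(base_url, token, timeout=10):
    """Send the probe; needs network access to the SCIM endpoint."""
    req = build_probe(base_url, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")

# Constructed sample of a successful list response, for an offline run.
SAMPLE_OK = json.dumps({"schemas": [LIST_RESPONSE], "totalResults": 0,
                        "startIndex": 1, "itemsPerPage": 0,
                        "Resources": []}).encode()

if __name__ == "__main__":
    print(classify(200, SAMPLE_OK))
```

Call `probe()` with the real base URL and token from a host that can reach the endpoint, and read the token from a secret store or prompt rather than from shell history.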
In the Settings column on the left side of the screen, the To App provisioning configuration option is now selected. Choose the provisioning options under the Provisioning to App section and click Save:
Below, in the Attribute Mappings section, reduce the number of attributes for the SCIM integration on the OKTA side, because Jira/Confluence/Bitbucket doesn’t support all of them:
2.3. Assign application to users and groups
From the integration's settings page, choose the Assignments tab, then Assign → Assign To People/Assign To Groups:
2.4. Push groups to app
From the integration's settings page, choose the Push Groups tab, then Push Groups → Find Groups By Name:
2.5. Check the Jira (Confluence/Bitbucket) info