SSO

How to configure user provisioning with Okta through the SCIM v2 API

Features

The following provisioning features are supported:

  • Create Users. Users that are assigned to the eFront application in Okta are automatically added to eFront.
  • Update User Attributes. Updates made to a user's profile in Okta will be pushed to eFront.
  • Deactivate Users. Deactivating a user or disabling a user’s access to the Okta application will deactivate the user from eFront.
  • Sync password. Changing a user’s password in Okta will update the password of the corresponding eFront user.
  • Import Users. Users created in eFront can be imported into Okta and either matched against existing Okta users or created as new Okta users.

 

Requirements

SCIM-based user provisioning is available on eFront v5.3.1 or higher.

 

Step-by-step configuration instructions

 

Login to your eFront portal as an administrator and complete the following steps:

  1. Go to Home → System Settings → Single Sign On → SAML tab and click Enable SCIM 2.0 support (1) and Save.
  2. You will need the SCIM Base URL (2) and the SCIM token (3) for the next steps.

SCIM1_rdy.png

Log in to your Okta admin portal and complete the following steps:

  1. Under the Applications tab, navigate to the already created eFront application. If you have not yet configured Okta please review and follow the steps in this guide How to configure SSO with Okta.
  2. Click on Provisioning (1) in the application. Under the Settings panel on the left side, click the Integration (2) link. Then click the Configure API Integration (3) button.okta1_rdy.png
  3. Check Enable API integration (4) option and fill in the token that you obtained from the previous steps.
  4. Click Test API Credentials (5) to verify that the connection is working correctly and then save the changes.okta2_rdy.png
  5. Under the Settings panel on the left side, click To App (6) and then Edit (7).okta3_rdy.png
  6. Enable as many of the features you want to use:
    • Create Users
    • Update User Attributes
    • Deactivate Users
    • Sync Password
  7. Go to the Sign On tab, click Edit and fill in the Audience URI (8) of your eFront domain without an HTTP:// or HTTPS:// prefix, and, select Email (9) as the default username format in Application username format.okta4_rdy.png
  8. (Optional) To import users from eFront to Okta, go to Import (10), and click Import Now (11) to show the eFront users in the list. Select those you want and click Confirm Assignments.okta5_rdy.png

    Τo schedule an import, go to Provisioning (12), click To Okta (13) and enable the option Schedule import (14).okta6_rdy.png

  9. (Optional) To use custom values, you have to create the corresponding extended profile fields and add their names separated with a comma in Home → System Settings → Single Sign On → SAML tab → Custom fields (15).okta7_rdy.png

    Then, you have to map the values in Okta. Click Provisioning in the application. Under the Settings panel on the left side, click the To App link and/or To Okta link. At the bottom of the page, you can click Show Unmapped Attributes (16) and create your mappings.okta8_1_rdy.png

Related articles