Okta SCIM Integration
If your organization uses Okta to manage your employees access to tools and services, you can take advantage of Okta’s “Provisioning” feature to automatically grant access to Base-B to your users, and even optionally synchronize membership in select Okta Groups with Base-B user groups.
The integration between Okta and Base-B that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). To learn more about how Okta works with SCIM, please see this article.
The remainder of this guide is focused on enabling you to configure both Base-B and Okta to get provisioning up and running for your organization.
Features
Requirements
Configuration Steps
Known Issues/Troubleshooting
The following provisioning features are supported:
Push Users: New users created through OKTA will also be created in the Base-B application.
Push Profile Updates: Updates made to the user profile through OKTA will be sent to the Base-B application.
Push User Deactivation: Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in the Base-B application. Note: For this application, deactivating a user means removing login access, but keeping the user's Base-B information as an inactive user.
Reactivate Users: User accounts in Base-B can be reactivated via OKTA.
Push Groups: Groups and their members in Okta can be sent to Base-B (like user groups in Base-B).
Import Users: New users created through Base-B application will also be created in the OKTA.
User provisioning based on the SCIM protocol is only available to paying customers.
You need to configure SAML first to make sure the Base URL field is filled under the General tab, please see this article.
Configure provisioning functionality as follows.
To enable the provisioning that will allow the synchronization of users and groups between Base-B and Okta, it will be necessary to carry out the following steps:
In Settings > Integrations > API Keys, click "Generate Key" to generate a new API access key.
A screen with the generated key will be displayed. Copy the generated key so that the integration between Okta and Base-B by the SCIM server is possible.
Leave the browser window open and log in to your Okta instance to complete the configuration on the Okta side.
In the OKTA admin panel, under Applications > Applications, access the Base-B application.
Access the "Provisioning" tab and go to the "Integration" option.
After that, complete the configuration form:
Enable API Integration
In the "API Token" field, inform the token previously generated in Base-B
Click on "Test Connector Configuration" to validate that the integration works and then save the settings.
Check each box for the provisioning actions supported by Base-B:
Create Users
Update user attributes
Deactivate users
Then click on the "Sign On" tab and click on "Edit".
Select "Okta username" in the "Application username format" field and click "Save".
That's it, the integration with Okta is complete.
If you have questions or difficulties with your Base-B/Okta SCIM integration, please contact Base-B support via suporte@baseb.com.br
The integration between Okta and Base-B that enables this provisioning to occur is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). To learn more about how Okta works with SCIM, please see this article.
The remainder of this guide is focused on enabling you to configure both Base-B and Okta to get provisioning up and running for your organization.
Contents
Features
Requirements
Configuration Steps
Known Issues/Troubleshooting
Features
The following provisioning features are supported:
Push Users: New users created through OKTA will also be created in the Base-B application.
Push Profile Updates: Updates made to the user profile through OKTA will be sent to the Base-B application.
Push User Deactivation: Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in the Base-B application. Note: For this application, deactivating a user means removing login access, but keeping the user's Base-B information as an inactive user.
Reactivate Users: User accounts in Base-B can be reactivated via OKTA.
Push Groups: Groups and their members in Okta can be sent to Base-B (like user groups in Base-B).
Import Users: New users created through Base-B application will also be created in the OKTA.
Requirements
User provisioning based on the SCIM protocol is only available to paying customers.
You need to configure SAML first to make sure the Base URL field is filled under the General tab, please see this article.
Configuration Steps
Configure provisioning functionality as follows.
Enable provisioning functionality
In Base-B
To enable the provisioning that will allow the synchronization of users and groups between Base-B and Okta, it will be necessary to carry out the following steps:
In Settings > Integrations > API Keys, click "Generate Key" to generate a new API access key.
A screen with the generated key will be displayed. Copy the generated key so that the integration between Okta and Base-B by the SCIM server is possible.
Leave the browser window open and log in to your Okta instance to complete the configuration on the Okta side.
In Okta
In the OKTA admin panel, under Applications > Applications, access the Base-B application.
Access the "Provisioning" tab and go to the "Integration" option.
After that, complete the configuration form:
Enable API Integration
In the "API Token" field, inform the token previously generated in Base-B
Click on "Test Connector Configuration" to validate that the integration works and then save the settings.
Check each box for the provisioning actions supported by Base-B:
Create Users
Update user attributes
Deactivate users
Then click on the "Sign On" tab and click on "Edit".
Select "Okta username" in the "Application username format" field and click "Save".
That's it, the integration with Okta is complete.
Known Issues/Troubleshooting
If you have questions or difficulties with your Base-B/Okta SCIM integration, please contact Base-B support via suporte@baseb.com.br
Updated on: 09/05/2023
Thank you!