Loading ...

Okta SCIM Configuration Guide | Communifire Documentation

Home » communifire documentation » Wiki » Documentation » Login » Single Sign On (SSO) » Okta SSO » Okta SCIM Configuration Guide

Comments (1)

   
lspring

This document says "The manager attribute is not supported by provisioning". How do you recommend updating user manager values using Okta provisioning, or is there a time line for adding this to the Okta provisioning?

4/28/2021 11:38 PM
 · 
by
   
gskamau

Hi Lee,

We've seen other clients use the REST API to update the manager profile field in Communifire. You can use REST API: Update User Profile Fields to do this.

Grace

4/29/2021 12:00 AM
 · 
by
   
gskamau

Hi Silvestre,

I'm looking into this for you.

Grace

5/12/2021 10:43 PM
 · 
by
   
gskamau

Hi Silvestre,

For the current app, do you see a Provisioning section in the General tab > App Settings?

Grace

5/13/2021 05:57 PM
 · 
by
   
gskamau

Hi Silvestre,

I checked what happens when that setting is updated and provisioning is configured: The Okta app recognizes that the existing users weren't provisioned and prompts you to provision them. The Okta app matches the Okta users to Communifire users and the connection between the Okta user and Communifire user is established. Users assigned to the Okta app afterwards are provisioned correctly.

Please follow the steps to enable provisioning for the existing app.

  1. In the General tab, set Provisioning to SCIM and save.
  2. The Provisioning tab will appear. Click Provisioning.
  3. In the Integration section, edit the SCIM Connection.
  4. Set SCIM connector base URL to your site URL + /api/scim/v2
  5. In Unique identifier field for users, enter email.
  6. For Supported provisioning actions, check Push New Users and Push Profile Updates.
  7. Set Authentication mode to HTTP Header.
  8. In Communifire, go to Control Panel > System > Single Sign On,
  9. Expand SCIM User Provisioning, toward the bottom.
  10. Copy the bearer token.
  11. In Okta, paste the bearer token in Authorization.
  12. Click Test Connector Configuration.
  13. Save settings.
  14. A To App tab will now be available in the Provisioning section. Click To App.
  15. Click Edit.
  16. Check Create Users, Update User Attributes, and Deactivate Users. 
  17. Click Save.
  18. Still in the To App section, click Go to Profile Editor.
  19. Delete attributes until only the following remain:
    • Username / userName
      Given name / givenName
      Family name / familyName
      Primary email / email
      Middle name / middleName
      Honorific prefix / honorificPrefix
      Honorific suffix / honorificSuffix
      Title / title
      Nickname / nickName
      Primary phone / primaryPhone
      Street address / streetAddress
      Locality / locality
      Region / region
      Postal Code / postalCode
      Country code / country
      User type / userType
      Employee number / employeeNumber
      Cost center / costCenter
      Organization / organization
      Division / division
      Department / department
  20. Click edit Mappings.
  21. Click Okta User to [App Name].
  22. Update mappings to the below:
    • user.firstName -> givenName
      user.lastName -> familyName
      user.email -> email
      user.middleName -> middleName
      user.honorificPrefix -> honorificPrefix
      user.honorificSuffix -> honorificSuffix
      user.title -> title
      user.nickName -> nickName
      user.primaryPhone -> primaryPhone
      user.streetAddress -> streetAddress
      user.city -> locality
      user.state -> region
      user.zipCode -> postalCode
      Iso3166Convert.toName(user.countryCode) -> country
      user.userType -> userType
      user.employeeNumber -> employeeNumber
      user.costCenter -> costCenter
      user.organization -> organization
      user.division -> division
      user.department -> department
  23. Click Save Mappings.

Provisioning is now set up.

  1. You can then click Assignments. The users will have a red exclamation mark by their name.
  2. Click Provision Users to provision the existing users.
  3. Refresh the page to reload the user list. The red exclamation marks should no longer appear.

Grace

5/13/2021 06:50 PM
 · 
by

Pages

Intranet Software