SCIM provisioning using Okta's connector app

This guide covers steps to configure provisioning for Robin using Okta’s connector App. 

Requires

  • Administrator access in Robin
  • Enterprise plan in Robin
  • Active Okta account

Features

Robin supports the following provisioning features:

  • Push New Users: New users created through OKTA will also be created in Robin.
  • Push Profile Updates: Updates made to the user's profile through OKTA will be pushed to Robin.
  • Push User Deactivation: Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in Robin.
  • Import New Users: New users created in Robin will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users.
  • Import Profile Updates: Updates made to a users profile in Robin will be downloaded and applied to the profile fields stored locally in Okta.
  • Reactivate Users: User accounts can be reactivated in the application.

Robin has the following restrictions for provisioning:

  • Push/Import Groups: Push groups and their members to remote systems. Coming soon.
  • Silent Provisioning is not supported
  • Syncing Passwords is not supported

Prerequisites

The following attributes are required as part of your Okta configuration:

  • `userName`
  • `familyName`
  • `givenName`
  • `email`

 

Already have SAML enabled?

If you're setting up a new instance of Robin in Okta, such as adding SCIM, make sure to select ‘email’ when mapping the email SAML attribute. This is necessary to avoid creating duplicate accounts for users already added to Robin through SAML. You can do this within Okta from Applications > General > App settings > Email attribute value. This should be selected by default. 

robin-okta.png

Configuration Steps

To configuring your provisioning settings, you'll need to have administrator permissions and access to the Robin web dashboard. You'll also need to have access to OKTA's OIN manager. 

Generate a token in Robin

1
From the web dashboard, navigate to Settings > Integrations > SCIM Provisioning, then click “Manage”.

robin-scim-integration.png

2
From the SCIM Integration page, generate a SCIM token. Copy this token and head over to Okta's management portal to complete the set up.

robin-scim-token.png

3
In a new browser tab, open the Okta management portal and add the Robin application. 

okta-add-robin.png

4
Under Provisioning tab > Settings > API Integration, input the access token copied from Robin and click "Save".

 okta-provision-robin.png

5
Select the the provisioning features you want to enable. When finished, click "Save". You can now assign people to the app.

okta-provision-robin2.png

Did this article help?