SCIM provisioning using Okta's connector app

This guide covers steps to configure provisioning for Robin using Okta’s connector App. 

Requirements

  • Advanced Authentication + User Management 
  • Administrator access in Robin
  • Active Okta account

Features

Robin supports the following provisioning features:

  • Push New Users: New users created through Okta will also be created in Robin.
  • Push Groups: Groups created through Okta will also be created in Robin.
  • Push Profile Updates: Updates made to the user's profile through Okta will be pushed to Robin.
  • Push User Deactivation: Deactivating the user or disabling the user's access to the application through Okta will deactivate the user in Robin.
  • Import New Users: New users created in Robin will be downloaded and turned in to new AppUser objects, for matching against existing Okta users.
  • Import Profile Updates: Updates made to a users profile in Robin will be downloaded and applied to the profile fields stored locally in Okta.
  • Reactivate Users: User accounts can be reactivated in the application.

Robin has the following restrictions for provisioning:

  • Syncing Passwords is not supported

Prerequisites

The following attributes are required as part of your Okta configuration:

  • `userName`
  • `familyName`
  • `givenName`
  • `email`

Optional attributes

  • `department`

 

Already have SAML enabled?

If you're setting up a new instance of Robin in Okta, such as adding SCIM, make sure to select ‘email’ when mapping the email SAML attribute. This is necessary to avoid creating duplicate accounts for users already added to Robin through SAML. You can do this within Okta from Applications > General > App settings > Email attribute value. This should be selected by default. 

robin-okta.png

Configuration Steps

To configure your provisioning settings, you'll need to have administrator permissions and access to the Robin web dashboard. You'll also need to have access to OKTA's OIN manager. 

Generate a token in Robin

1
From the web dashboard, navigate to Manage > Integrations > SCIM Provisioning, then click “Manage”.

Integrations_-_Robin.png

2
From the SCIM Integration page, generate a SCIM token. Copy this token and head over to Okta's management portal to complete the set up.

robin-scim-token.png

3
In a new browser tab, open the Okta management portal and add the Robin application. 

okta-add-robin.png

4
Under Provisioning tab > Settings > API Integration, input the access token copied from Robin and click "Save".

 okta-provision-robin.png

5
Select the provisioning features you want to enable. When finished, click "Save". You can now assign people to the app.

okta-provision-robin2.png

Optional: To sync the department attribute, create a new attribute mapping for department and set the External namespace to urn:ietf:params:scim:schemas:extension:enterprise:2.0:User 

Screenshot_2024-03-14_at_11_03_48_AM.png

Then, set the mapping for the new attribute:

Screenshot 2024-03-14 at 11.09.27 AM.png

Troubleshooting

In order to activate the Push Groups feature on the existing application instances in Okta, you need to re-enable provisioning.

Open the Provisioning application tab > select API integration > click Edit, then click the Save button.

scim-okta.png

Articles in this section

Was this article helpful?
0 out of 6 found this helpful
Share