SCIM Integration - Okta

Step 1: Create the SCIM Application

  1. Log in to the Okta “Admin Console”.
  2. In the left-hand panel, navigate to “Applications” → “Applications”.
  3. Click the “Browse App Catalog” button.
  4. In the “Search” box, search for “SCIM 2.0 Test App (OAuth Bearer Token)” and select it from the results.
  5. Click the “+ Add integration” button.
  6. Complete the application settings, starting with the “Application label” box:
    • Change “SCIM 2.0 Test App (OAuth Bearer Token)” to “Row Zero 2.0 App (OAuth Bearer Token)”.
    • Uncheck “Application Visibility”.
    • Uncheck “Automatically log in when user lands on login page”.
    • Click the “Next” button.
  7. In the “Sign-On Options” section, do not select anything (the Okta application will only be used for SCIM) and click the “Done” button.

Step 2: Configure the SCIM Connection

  1. Inside the “Row Zero 2.0 App (OAuth Bearer Token)” application, click on the “Provisioning” tab and then the “Configure API Integration” button.
  2. Click on the “Enable API Integration” checkbox, enter “https://scim.rowzero.io/scim/v2” for “SCIM 2.0 Base Url”, and enter the “OAuth Bearer Token” provided to you by Row Zero.
  3. Click the “Test API Credentials” button and verify a successful response is received, then click the “Save” button.

Step 3: Enable User Provisioning Features

  1. In the “Row Zero 2.0 App (OAuth Bearer Token)” application, under the “Provisioning” tab, select “Settings” → “To App”.
  2. Click the “Edit” link, and select the “Create Users”, “Update User Attributes”, and “Deactivate Users” checkboxes.
  3. Click the “Save” button.
  4. On the same page, under “Row Zero 2.0 App (OAuth Bearer Token) Attribute Mappings”, click on the “Go to Profile Editor” button.
  5. Under the “Attributes” section, click on the “+ Add Attribute” button.
  6. If an active attribute is part of your user profiles, create an “Active” attribute with the following values and then click the “Save” button:
    • Data type: boolean
    • Display name: Active
    • Variable name: active
    • External name: active
    • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
    • Attribute type: Personal
  7. Under the “Attributes” section, click on the “Mappings” button.
  8. Select the “Okta User to Row Zero SCIM 2.0 (OAuth Bearer Token)” tab.
  9. Select “Do not map” for every mapping other than “userName”, “displayName”, and “active” (if applicable to your user profiles).
  10. Click the “Save Mappings” button.

Step 4: Assign Groups and Users

  1. Navigate back to “Applications” → “Applications” and click on the “Row Zero 2.0 App (OAuth Bearer Token)” application.
  2. Under the “Push Groups” tab, press the “Push Groups” button and select “Find groups by name”.
  3. Select the “Push group memberships immediately” checkbox, enter the group name(s) you’d like to sync to Row Zero, and when done click the “Save” button.
  4. Under the “Assignments” tab, press the “Assign” button and select “Assign to People”. Assign any user in your application who could possibly use Row Zero; this activates type-ahead completion in the secure sharing feature.
    • Note: If Okta makes you populate the “Given name” and “Family name” attributes when assigning the user, populate them with relevant values; ultimately these will be ignored by Row Zero in favor of the display name.
  5. Under the “Assignments” tab, press the “Assign” button, select “Assign to Groups”, and assign any of the groups defined under the “Push Groups” tab.
    • Note: The “Push Groups” tab tells Okta to sync the group records but not the group membership; assigning groups under the “Assignments” tab tells Okta to sync the members of the group.
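
The following is an added example, not Row Zero's or Okta's code, for checking the effect of the Step 3 mappings and the “Given name”/“Family name” note in Step 4. Given one SCIM User JSON body, it lists attributes sent beyond “userName”, “displayName” and “active”, and flags an “active” value that is not a boolean. The function name audit_scim_user and the sample body are constructed for illustration; the field layout is assumed to follow the SCIM core User schema (RFC 7643).

```python
import json

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Attributes left mapped in Step 3; every other mapping is "Do not map".
MAPPED = {"userName", "displayName", "active"}
# Protocol bookkeeping fields defined by RFC 7643, not profile data.
PROTOCOL = {"schemas", "id", "externalId", "meta"}


def audit_scim_user(body: str) -> dict:
    """Check one SCIM User JSON body against the Step 3 mapping.

    Returns {"errors": [...], "extra": [...]}: errors are schema or type
    problems; extra lists attribute paths sent beyond userName,
    displayName and active.
    """
    user = json.loads(body)
    errors, extra = [], []
    if CORE_USER not in user.get("schemas", []):
        errors.append("schemas lacks " + CORE_USER)
    if not isinstance(user.get("userName"), str) or not user["userName"]:
        errors.append("userName must be a non-empty string")
    # The check is exact: the string "true" or the number 1 does not match
    # the boolean data type configured for the attribute.
    if "active" in user and not isinstance(user["active"], bool):
        errors.append("active must be a JSON boolean")
    for key, value in user.items():
        if key in MAPPED or key in PROTOCOL:
            continue
        if isinstance(value, dict):
            extra.extend(f"{key}.{sub}" for sub in sorted(value))
        else:
            extra.append(key)
    return {"errors": errors, "extra": sorted(extra)}


# Constructed sample: given/family name populated at assignment time, an
# email mapping that was not set to "Do not map", and a string-typed active.
SAMPLE = json.dumps({
    "schemas": [CORE_USER],
    "userName": "ada@example.com",
    "displayName": "Ada Example",
    "active": "true",
    "name": {"givenName": "Ada", "familyName": "Example"},
    "emails": [{"value": "ada@example.com", "primary": True}],
})

if __name__ == "__main__":
    print(audit_scim_user(SAMPLE))
```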