Connect an Okta Directory (SCIM)

Navigate to Okta and log in to your account.

Select Applications > Applications. The Applications screen displays.

Select Browse App Catalog. The Browse App Integration Catalog screen displays.

Enter "SCIM 2.0 Test App (Header Auth)" in the search field and select SCIM 2.0 Test app (Header Auth) in the Suggestions dropdown. The SCIM 2.0 Test App screen displays.

Select Add Integration. The Add SCIM 2.0 Test App (Header Auth) screen displays.

If desired, you can enter a name for the application in the Application label field. If you choose to add a custom name, we recommend using the name of the board you plan to connect to the application. Leave all other fields set to their default values. Then, select Next. The Sign-On Options tab displays.

The Sign-On Option tab allows you to configure how users log in to your application, but this isn't necessary for provisioning. Scroll to the bottom and select Done.

On the SCIM 2.0 Test App (Header Auth) screen, select the Provisioning tab. The Provisioning tab displays.

Select Configure API Integration.

Select the Enable API Integration checkbox. The Base URL and API Token fields display.

In the Base URL field, enter the server you want to use with the suffix /scim/v2.

You can find the Tonkean SCIM API URL by selecting your profile icon in the upper right and navigating to Board Settings > Identity Provider.

Next, you must generate an API token. To generate this token, open your Tonkean board, select your profile icon in the upper right, and navigate to Board Settings > Identity Provider. Select Create New Provider. The Create New Provider window displays.

Select the Provider Type dropdown and choose OKTA. Then, enter a Display Name for the provider. When finished, select Generate Token. The Access Token displays.

Select Copy to copy the access token. Paste the token in a separate file.

This is the last time you'll be able to view the decrypted token, so make sure you save it somewhere safe in case you need to reference it later.

Return to Okta. In the API Token field, enter token, insert a space, and then paste in the API token.

Remember to include the string token and a space before entering your API token, or Okta will generate an error when testing the credentials.

Select Test API Credentials. If the test is successful, a success message displays. If the test is not successful, an error message displays. The content of the error message should help you troubleshoot potential causes for the error.

Once you receive a success message, select Save.

Select the Provisioning tab. The Provisioning tab displays.

Select Edit. The Provisioning to App settings become editable.

Select the Enable checkboxes that correspond with the following settings:

When finished, select Save.

In Okta, select Applications > Applications. The Applications screen displays.

Select SCIM 2.0 Test App (Header Auth) from the list of applications. The SCIM 2.0 Test App (Header Auth) screen displays.

On the SCIM 2.0 Test App (Header Auth) screen, select the Provisioning tab. The Provisioning tab displays

Scroll down to the SCIM 2.0 Test App (Header Auth) Attribute Mappings heading. Below this heading, select Go to Profile Editor. The Profile Editor screen displays.

Select Add Attribute. The Add Attribute window displays.

Enter the following values:

These are the same values you added in step #4 when adding roles to users.

Confirm the values are correct and select Save.

On the Profile Editor screen, select Mappings. The Application User Profile Mappings window displays.

Select Okta User to {Application Name}.

Scroll to the down to the bottom of the window and select the dropdown beside the tonkeanRoles. From that dropdown, select user.tonkeanRoles.

When finished, select Save Mappings.