Okta - SCIM - Configuration
Important Note
The instructions in this article cover a third-party app and may not reflect the latest version. Please use these instructions as a guide to complete the task, but be aware that some screens, field names, and steps may have changed.
Overview
OverviewThis article provides details on configuring an Okta identity provider to use Flosum's SCIM API. For more information about SCIM, see the following article.
Customer-Hosted
Customers who host Flosum Apps on their own infrastructure will have a custom URL for logging into their apps. When using this documentation, replace any Flosum Hosted URLs with your own URLs.
Prerequisites
Before setting up automated provisioning, ensure SAML-based SSO is properly configured and fully functional in your Flosum tenant.
View your SAML 2.0(Header Auth) on the Sign On tab and ensure your SAML 2.0 Attributes are correctly set. See the screenshot and table below.
uniqueUserId
user.id
firstName
user.firstName
lastName
user.lastName
user.email
For instructions for adding and configuring an Okta identity provider, see the following articles.
Configure Okta
Configure API Integration
Click Applications under the Applications on the left sidebar menu.
Click the Provisioning tab.
Click Configure API Integration.
Check the API Integration checkbox.
In the Base URL textbox, enter the SCIM API URL for your region from the table below.
United States
https://global-us.flosum.app/api/v1/scim
Germany
https://global-de.flosum.app/api/v1/scim
Japan
https://global-jp.flosum.app/api/v1/scim
Australia
https://global-au.flosum.app/api/v1/scim
In the API Token textbox, enter your Global Settings API Token. If you don't have an API Token, see the following article for instructions on creating one.
Click Test API Credentials. If successful, you will receive a "{Your app name} was verified successfully!" message.
If you don't receive a connection confirmation, check the Base URL and ensure it isn't blocked by firewalls or other network traffic interceptors. Then verify that the API Token is correct.
Click Save.
Mappings
The Flosum SCIM API uses specific metadata values from Okta user profiles. This section explains the required mappings between the Flosum SCIM API and Okta attributes.
On the application settings page, navigate to Provisioning -> To App.
Click Edit.
Enable the following options:
Create Users
Update User Attributes
Deactivate Users
Don't enable Sync Password; Flosum doesn't use the identity provider's password for user accounts.
Make sure the following attributes are enabled for provisioning:
Username
Given name
Family name
Primary email
Time zone
Assignments
Assign users to the Flosum SCIM application.
Click the Assignments tab.
Click the Assign dropdown menu.
Click Assign to People.
Select the user to assign to this application.
Specify the user information to use for this application.
For the Username field, enter the user's email address.
Flosum uses the email address as the username. Make sure the Username attribute is mapped to the user's email address.
If the Time Zone field is left blank, the timezone will default to Etc/UTC.
Importing Users
If you've already added users directly to your Flosum tenant rather than provisioning them through Okta, you can sync them with your identity provider by importing them from Flosum.
Click the Import tab.
Click Import Now.
Your Flosum users will be imported into your Okta identity provider.
Determine how to assign the imported SCIM users to Okta users.
This prevents mismatched users between systems and avoids login issues after enabling SSO.
Last updated
Was this helpful?