Okta SCIM configuration

A prerequisite for this article is configuring Okta for SAML2 SSO.

The Trelica OIN app does not currently have SCIM enabled; the updated app is being processed by Okta. In the meantime you may have to create a new SSO App for Trelica in Okta.

Enabling SCIM for Trelica in Okta

Go to the General tab on the Trelica app in Okta.

Under App Settings click Edit:

Tick the Enable SCIM provisioning checkbox, and click Save:

A new tab called Provisioning will appear. Choose it, and click the Edit button.

Setting up the basic SCIM integration

In a separate tab, log in to Trelica and choose Admin > Settings > Users > Single Sign-On (SSO) > SCIM and click Generate Token:

You will need the Base URL and the Bearer token for Okta. 

The SCIM token won't be active until you click Enable SCIM. We recommend copying the Bearer token to the clipboard and then clicking Enable SCIM.

The Base URL will still be available:

Go back to Okta and fill in the following fields:

  1. Paste the Trelica Base URL into SCIM connector base URL.
  2. Enter userName into Unique identifier field for users.
  3. Check Import New Users and Profile Updates, Push New Users, and Push Profile Updates.
  4. For Authentication Mode choose HTTP Header.
  5. Paste the Trelica Bearer token into the Authorization field.

If you've clicked Enable SCIM in Trelica, you can now click Test Connector Configuration in Okta.

The first four items should be ticked. Click Close.

Now click Save in Okta. 

The page will refresh. With To App selected on the left-hand side, you can now click Edit again on the Provisioning tab.

Configuring provisioning options

Check to enable:

  • Create Users
  • Update User Attributes
  • Deactivate Users

Click Save.

Importing users from Trelica into Okta

If you will sometimes invite users directly from Trelica, you will want to configure a scheduled import.

Click To Okta, and Edit:

Pick the frequency you want and click Save.

You will now see a User Creation & Matching panel. We recommend changing the default values to set Auto-confirm exact matches.

Finally we recommend running an initial import. Go to the Import tab and click Import Now:

You may see a user with a scim- prefix. This is a Trelica service account that Okta authenticates as, using the token you generated earlier. It's returned as a Trelica user, but you should choose to ignore the assignment:

Click Confirm Assignments when done.
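
The import review described above can also be checked offline. The following is an added example, not Trelica's or Okta's own code: it sorts a SCIM 2.0 ListResponse (RFC 7644) into users that are exact matches, users that need manual review, and the service account to ignore. The sample data is constructed, and it is an assumption that the service account's userName starts with scim-.

```python
import json

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
SERVICE_PREFIX = "scim-"  # assumption: the prefix is at the start of userName


def triage_import(scim_body, okta_logins):
    """Sort a SCIM /Users ListResponse into confirm / review / ignore."""
    doc = json.loads(scim_body)
    if LIST_RESPONSE not in doc.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    # userName is case-insensitive in SCIM (RFC 7643), so compare lowercased.
    known = {login.lower() for login in okta_logins}
    result = {"confirm": [], "review": [], "ignore": []}
    seen = set()
    for res in doc.get("Resources", []):
        name = res.get("userName", "")
        key = name.lower()
        if key.startswith(SERVICE_PREFIX):
            result["ignore"].append(name)    # service account behind the token
        elif not name or key in seen:
            result["review"].append(name)    # missing or duplicate identifier
        elif not res.get("active", True):
            result["review"].append(name)    # inactive in the app
        elif key in known:
            result["confirm"].append(name)   # exact match to an Okta login
        else:
            result["review"].append(name)    # no match: would be a new user
        seen.add(key)
    return result


# Constructed sample response and Okta logins (not real data).
SAMPLE = json.dumps({
    "schemas": [LIST_RESPONSE],
    "totalResults": 5,
    "Resources": [
        {"id": "1", "userName": "alice@example.com", "active": True},
        {"id": "2", "userName": "scim-okta@example.com", "active": True},
        {"id": "3", "userName": "Alice@Example.com", "active": True},
        {"id": "4", "userName": "bob@example.com", "active": False},
        {"id": "5", "userName": "carol@example.com", "active": True},
    ],
})
OKTA_LOGINS = ["alice@example.com", "bob@example.com"]

if __name__ == "__main__":
    print(json.dumps(triage_import(SAMPLE, OKTA_LOGINS), indent=2))
```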

Testing the SCIM connection

You can test by creating a new Okta user:

And then assigning them to Trelica:

Now you can go to People, and pick Trelica access - the new user should appear.

Click through to the person's profile to manage their access in more detail:
