A prerequisite for this article is configuring Okta for SAML2 SSO.
Currently the Trelica OIN app does not have SCIM enabled. The updated app is currently being processed by Okta. In the meantime you may have to create a new SSO App for Trelica in Okta.
Enabling SCIM for Trelica in Okta
Go to the General tab on the Trelica app in Okta.
Under App Settings click Edit:
Tick the Enable SCIM provisioning checkbox, and click Save:
A new tab called Provisioning will appear. Choose it, and click the Edit button.
Setting up the basic SCIM integration
In a separate tab, log in to Trelica and choose Admin > Settings > Users > Single Sign-On (SSO) > SCIM and click Generate Token:
You will need the Base URL and the Bearer token for Okta.
The SCIM token won't be active until you click Enable SCIM - we recommend copying the Bearer token to the clipboard and then clicking Enable SCIM.
The Base URL will still be available:
Go back to Okta and fill in the following fields:
- Paste the Trelica Base URL into SCIM connector base URL.
- Enter userName into Unique identifier field for users.
- Check Import New Users and Profile Updates, Push New Users, and Push Profile Updates.
- For Authentication Mode choose HTTP Header
- Paste the Trelica Bearer token into the Authorization field
If you've clicked Enable SCIM in Trelica, you can now click Test Connector Configuration in Okta.
The first four items should be ticked. Click Close.
Now click Save in Okta.
The page will refresh. With To App selected on the left-hand side, you can now click Edit again on the Provisioning tab.
Configuring provisioning options
Check to enable:
- Create Users
- Update User Attributes
- Deactivate Users
Click Save.
Importing users from Trelica into Okta
If you will sometimes invite users directly from Trelica, you will want to configure a scheduled import.
Click To Okta, and Edit:
Pick the frequency you want and click Save.
You will now see a User Creation & Matching panel. We recommend changing the default values to set Auto-confirm exact matches.
Finally we recommend running an initial import. Go to the Import tab and click Import Now:
You may see a user with a scim- prefix. This is the Trelica service account that Okta authenticates as, using the token you generated earlier. It's returned as a Trelica user, but you should choose to ignore the assignment:
Click Confirm Assignments when done.
Testing the SCIM connection
You can test by creating a new Okta user:
And then assigning them to Trelica:
Now you can go to People, and pick Trelica access - the new user should appear.
Click through to the person's profile to manage their access in more detail: