Setting up SCIM - Okta

This article describes how to set up SCIM within the Security Journey Okta App

Written by Rachel Yonan
Updated this week

What is SCIM?

SCIM is an open standard for automating user provisioning across domains, reducing the time and complexity typically associated with onboarding.

  • It removes the need for manual user management and minimizes human error, meaning program admins can spend more time with learners

  • We support syncing learner attributes to Security Journey and currently support: First name, Last Name, Email Address, Job Role, Company, Business Unit, Security Champion and Team

If you need additional support in how to set up and configure Okta Attributes, please refer to these Okta Help Desk Articles:

Okta mapping to our application

  • user.email → email

  • user.firstName → givenName

  • user.lastName → familyName

  • user.employeeNumber → employeeNumber (enterprise user field)

  • user.department → department (enterprise user field)

  • user.division → business_unit (custom attribute)

  • user.Country → country

    • Note: Uses user.addresses.^[primary==true].country logic

  • user.title → job_role (custom attribute)

  • true → security_champion (custom attribute)

  • user.manager → managerDisplayName

  • user.managerId → managerValue

The only attribute that is required for Security Journey is emailAddress - all other attributes are optional.

Prerequisites

In order to set up SCIM on Security Journey with Okta, you will need:

Security Journey

  • An account with Admin privileges

Okta

  • Okta, version 2016.07 or later

  • A user with Application Admin privileges

Supported Features

Our SCIM integration supports the following features:

  • Create Users

  • Update User Attributes

  • Deactivate Users

For more information on the listed features or terms, visit the Okta Glossary.

Configuration Steps

1. Log in to Okta with your Admin account and navigate to Applications

2. Click "Browse App Catalog"

3. Search for "Security Journey" and choose "Add Integration"

4. After adding the application, you can update the application label (if desired). You will also want to check the box under Application Visibility > Do not display application icon to users. Then click Next.


5. You will then be presented with the Sign-On Options: Require, make any necessary changes here and then click "Done."

6. The new application will open on the Assignment tab. You will need to navigate to the Provisioning tab next and choose "Configure API Integration"

7. From here, check the "Enabled API Integration" check box, then copy and paste the SCIM API URL and SCIM Token from the SCIM settings in Security Journey. For more information on generating a SCIM API URL and Token check out this article.

8. Once you've copied and pasted the SCIM API URL and SCIM Token into Okta, you will need to click "Test API Credentials." If successful, it will look like this.


9. From here, you will navigate to Provisioning > Settings > To App and click "edit." You will want to enable the options below and click save:

  • Create Users

  • Update User Attributes

  • Deactivate Users


10. Finally, we recommend updating the Assignments setting by assigning a test user or small group of users to the application and verifying synchronization via the Okta logs and inside Security Journey:

  • Okta is generally near-instant when propagating updates. However, this is not guaranteed and may take up to an hour to fully sync over to Security Journey.

11. Once you've successfully tested, you can update the group assignment as needed.

Troubleshooting

Our application doesn't support capitalization within email addresses and they will be normalized to lower case. If this is a requirement within your IdP or Active Directory, you may need to adjust the emailAddress that you are sending to us as the primary user identifier.
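
A pre-flight check you can run over an export of the test group before assigning it in step 10. This is an added example, not Security Journey or Okta code: it applies the attribute mapping listed above, flags profiles with no email (the only required attribute), and flags emails that become identical once lower-cased. The flat profile dictionaries, the "login" field used to label rows, and the sample data are assumptions of this example.

```python
from collections import defaultdict

# Okta attribute -> Security Journey attribute, copied from the list on this page.
MAPPING = {
    "email": "email", "firstName": "givenName", "lastName": "familyName",
    "employeeNumber": "employeeNumber", "department": "department",
    "division": "business_unit", "Country": "country", "title": "job_role",
    "manager": "managerDisplayName", "managerId": "managerValue",
}

def map_profile(profile):
    """Return the attributes one Okta profile would sync, keyed by target name."""
    out = {dst: profile[src] for src, dst in MAPPING.items() if profile.get(src)}
    if "email" in out:
        # Mirror the lower-casing described under Troubleshooting.
        out["email"] = out["email"].lower()
    out["security_champion"] = True  # the page maps the constant true
    return out

def preflight(profiles):
    """Flag profiles with no email and emails that are equal once lower-cased."""
    missing_email, by_email = [], defaultdict(list)
    for p in profiles:
        mapped = map_profile(p)
        if "email" not in mapped:
            # "login" as the row label is an assumption of this example.
            missing_email.append(p.get("login", "<unknown>"))
            continue
        by_email[mapped["email"]].append(p["email"])
    collisions = {e: raw for e, raw in by_email.items() if len(raw) > 1}
    return {"missing_email": missing_email, "collisions": collisions}

# Constructed sample profiles (not real users).
SAMPLE = [
    {"login": "a.lee", "email": "Alex.Lee@Example.com", "firstName": "Alex",
     "lastName": "Lee", "title": "Developer", "division": "Platform"},
    {"login": "alee2", "email": "alex.lee@example.com", "firstName": "Alex",
     "lastName": "Lee"},
    {"login": "svc-build", "firstName": "Build", "lastName": "Bot"},
]

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

Resolve anything reported under collisions in your IdP before widening the group assignment, since email is the primary user identifier.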
