If your organization uses Okta to manage employee access, you can use Okta’s provisioning feature to automatically grant or revoke access to Secure Code Warrior® for your users, using our official Okta Application available in the App Integration Catalog.
You also have the option to synchronize Team membership, User role, and tags if you choose to do so.
- Provisioning Features
- Configure Provisioning for Secure Code Warrior in Okta
- Optional Configuration: Teams, Roles, Tags
Provisioning Features
The following provisioning features are supported by Secure Code Warrior:
Feature | Description |
Push Users | Users that are assigned to the Secure Code Warrior Application within Okta are automatically added as users in Secure Code Warrior. |
Update User Attributes | When user attributes are updated in Okta, they will be updated in Secure Code Warrior. |
Deactivate Users | When users are deactivated in Okta, or if their assignment to the Secure Code Warrior Application is removed, then these users will be deactivated in Secure Code Warrior. |
Configure Provisioning for Secure Code Warrior in Okta
Before beginning the configuration, please generate a SCIM API key using the instructions in the article Automated User Provisioning with SCIM.
If you already have the Secure Code Warrior Application configured, then skip to Step 4.
Step 1
Search for Secure Code Warrior in the App Integration Catalog
Step 2
Click ‘Add Integration’ on the Secure Code Warrior integration information page
Step 3
Under General settings, select the Instance Region you would like to connect to, and click Done
Step 4
Navigate to the Provisioning --> Integration section and click on Configure API Integration
Step 5
- Configure the SCIM API Key
- Ensure that Enable API Integration is ticked, and enter your SCIM API key into the API Token input field. Then choose the appropriate SCIM Endpoint that you are trying to connect to.
- Click Test API Credentials to check that the key is correctly configured. Ensure that you use a SCIM API Key that was generated for the Instance Region that you configured in the earlier step.
- If the test is successful, click Save.
TIP: Instructions for generating a SCIM API Key can be found here
Step 6
Navigate to the Provisioning tab, select To App, and then Edit.
Check each box for SCW’s supported provisioning actions:
- Enable Create Users
- Deselect Set password when creating new users
- Enable Update User Attributes
- Enable Deactivate Users
And then click Save
Basic setup complete
At this point, your Okta application will be configured for basic user provisioning and de-provisioning.
In this basic setup:
- Newly provisioned users will be created with the developer role in the Default Team.
- User updates will only update the user’s email address, First Name, Middle Name, and Last name.
- When users are removed from the SCW Application in Okta, they will be de-provisioned from SCW by setting their account status to disabled.
- If a de-provisioned user is given access again, then it will re-enable their existing account.
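The behaviours listed above can be checked after rollout by comparing the users assigned to the application in Okta with the account state the SCIM service reports. The following is an added example, not code from Secure Code Warrior or Okta. It assumes the standard SCIM 2.0 ListResponse shape (`Resources`, `userName`, `active`); the function name `reconcile` and all sample data are constructed for illustration.

```python
import json

# Constructed sample: a SCIM 2.0 ListResponse (RFC 7644) as a SCIM service
# might return it for a user listing. All usernames are invented.
SCIM_LIST_RESPONSE = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 4,
  "Resources": [
    {"userName": "alice@example.com", "active": true},
    {"userName": "bob@example.com",   "active": true},
    {"userName": "carol@example.com", "active": false},
    {"userName": "dave@example.com",  "active": false}
  ]
}
""")

# Constructed sample: users currently assigned to the application in the IdP.
OKTA_ASSIGNED = {"alice@example.com", "dave@example.com", "erin@example.com"}


def reconcile(scim_response, assigned):
    """Compare IdP assignments with SCIM account state and report drift."""
    assigned = {u.lower() for u in assigned}
    # Map each downstream account to its active flag (missing flag = inactive).
    state = {r["userName"].lower(): bool(r.get("active", False))
             for r in scim_response.get("Resources", [])}
    return {
        # Active downstream but not assigned: deactivation did not land.
        "orphaned_active": sorted(
            u for u, active in state.items() if active and u not in assigned),
        # Assigned but still disabled: re-enable on re-assignment did not land.
        "assigned_but_disabled": sorted(
            u for u, active in state.items() if not active and u in assigned),
        # Assigned but no account exists: the user push did not land.
        "assigned_but_missing": sorted(assigned - set(state)),
    }


if __name__ == "__main__":
    for finding, users in reconcile(SCIM_LIST_RESPONSE, OKTA_ASSIGNED).items():
        print(f"{finding}: {users}")
```

Any entry under `orphaned_active` is an account that kept access after its Okta assignment was removed and should be investigated first.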
Optional Configuration: Teams, Roles, Tags
If you would like to also control the additional attributes of Team, Role, and Tags, please follow these additional steps.
For specific details about the validation rules of these attributes, please read Automated User Provisioning with SCIM.
When mapping attributes in Okta, you have 3 options to determine where the value for the attribute comes from:
- Map the attributes based on Group or User Assignment
- Map the attributes directly from the Okta User Profile
- Calculate the attribute values using an Expression
Map the attributes based on Group or User Assignment
This is the default setting for the Teams, Roles, and Tags attributes. When a Group or User is assigned to the SCW Application, the Team, Role, and Tags can be specified at the time of assignment.
Map the attributes directly from the Okta User Profile
In this method, a value from the Okta user profile is mapped directly to the SCW attribute. To use this method the information has to be available on the user’s Okta profile.
Go to the Provisioning tab and then To App. Then scroll down to the Secure Code Warrior Attribute Mappings and click Show Unmapped Attributes.
Then select the pencil 'edit' icon for the attribute that you would like to map. In our example we will choose scwTeamName.
Select Map from Okta Profile from the drop-down box, and then select the attribute that you would like to map from. In this example we are mapping the department Okta profile attribute to the Team Name attribute for SCW.
Calculate the attribute values using an Expression
Okta provides an Expression language that can be used to dynamically calculate the attribute values.
This could be done based on some other user attributes, or even group membership.
To use an expression you simply enter the expression in the same place that the user attribute would usually be configured.
For further information about Okta Expression language see the Okta Expression Language documentation.