Okta and SCIM - onboarding

Adamchesterton

hi all - looking to automate onboarding new users via scim when we provision their okta account. Anyone successfully enabled this?

ArborRose

There are settings in Admin > Authentication related to SCIM (System for Cross-domain Identity Management). There are settings for Single Sign-On, OpenID Connect (SSO), SAML (SSO), etc.

Try this AI suggestion:

Here’s a step-by-step guide on how to enable and configure SCIM for automating user onboarding in Domo via Okta:

1. Set Up Domo SCIM Integration:

Domo supports SCIM for user provisioning. To enable this integration between Okta and Domo, follow these steps:

In Domo:

• Admin Access Required: Ensure you have admin privileges in Domo.
• Go to Admin Settings in Domo.
• Navigate to Security → User Provisioning (SCIM).
• Enable SCIM and generate an API token. This token will be used to authenticate the connection between Okta and Domo.
• Copy the token as you'll need it when configuring Okta.

2. Configure SCIM in Okta:

In Okta:

• Admin Access Required: You need Okta admin access to configure this.
• Log in to your Okta Admin Console.
• Go to Applications → Applications.
• Click Add Application, then search for “Domo” in the Okta Integration Network.
• Add the Domo app, and go to the Provisioning tab.

In the Provisioning tab:

• Under Integration, click on Configure API Integration.
• Enable the API integration and provide the SCIM API token from Domo.
• Enter the SCIM Base URL: https://api.domo.com/scim/v2
• Test the API credentials to ensure the connection is successful.

3. Define SCIM Provisioning Actions:

After configuring the SCIM API integration in Okta, you can define the specific actions for user management:

In the Provisioning tab:

• Under To App, enable the following options (as needed):
  • Create Users: This will automatically create new users in Domo when assigned to the Okta app.
  • Update User Attributes: Updates user information in Domo when changes are made in Okta.
  • Deactivate Users: Automatically deactivates users in Domo when their Okta account is deactivated.

You can also configure which attributes (e.g., first name, last name, email, etc.) should be synced between Okta and Domo.

4. Assign Users to the Domo App in Okta:

• In the Assignments tab in the Okta Domo app, assign users or groups that should be provisioned into Domo.
• Okta will automatically provision those users into Domo based on your settings.

5. Test the SCIM Integration:

• Create or update a user in Okta, assign them to the Domo app, and verify that the user is automatically created or updated in Domo.
• Check if any errors occur in Okta’s provisioning logs and troubleshoot if necessary.

6. Monitor and Manage Users:

• Once set up, Okta will handle the provisioning and de-provisioning of users in Domo based on the assignments in Okta.
• In Domo, you can view and manage users in the Admin section under Users, and check the synchronization status.

7. Additional Tips:

• Group Management: If you want to automate role-based access in Domo (e.g., assigning users to specific groups), Okta supports group push functionality, where you can sync Okta groups with Domo groups.
• Custom SCIM Mappings: You can customize the SCIM attribute mappings in Okta to control what information gets synced to Domo. This is useful if you have custom user fields.

Summary

Enabling SCIM integration between Okta and Domo allows you to automate user provisioning, updates, and deactivation. By configuring the SCIM API in Okta and syncing it with Domo, user onboarding and lifecycle management become streamlined. If you encounter any issues, you can check the logs in both Domo and Okta for errors, and adjust the attribute mappings or provisioning settings as necessary.

ArborRose

There are settings in Admin > Authentication related to SCIM (System for Cross-domain Identity Management). There are settings for Single Sign-On, OpenID Connect (SSO), SAML (SSO), etc.

Try this AI suggestion:

Here’s a step-by-step guide on how to enable and configure SCIM for automating user onboarding in Domo via Okta:

1. Set Up Domo SCIM Integration:

Domo supports SCIM for user provisioning. To enable this integration between Okta and Domo, follow these steps:

In Domo:

• Admin Access Required: Ensure you have admin privileges in Domo.
• Go to Admin Settings in Domo.
• Navigate to Security → User Provisioning (SCIM).
• Enable SCIM and generate an API token. This token will be used to authenticate the connection between Okta and Domo.
• Copy the token as you'll need it when configuring Okta.

2. Configure SCIM in Okta:

In Okta:

• Admin Access Required: You need Okta admin access to configure this.
• Log in to your Okta Admin Console.
• Go to Applications → Applications.
• Click Add Application, then search for “Domo” in the Okta Integration Network.
• Add the Domo app, and go to the Provisioning tab.

In the Provisioning tab:

• Under Integration, click on Configure API Integration.
• Enable the API integration and provide the SCIM API token from Domo.
• Enter the SCIM Base URL: https://api.domo.com/scim/v2
• Test the API credentials to ensure the connection is successful.

3. Define SCIM Provisioning Actions:

After configuring the SCIM API integration in Okta, you can define the specific actions for user management:

In the Provisioning tab:

• Under To App, enable the following options (as needed):
  • Create Users: This will automatically create new users in Domo when assigned to the Okta app.
  • Update User Attributes: Updates user information in Domo when changes are made in Okta.
  • Deactivate Users: Automatically deactivates users in Domo when their Okta account is deactivated.

You can also configure which attributes (e.g., first name, last name, email, etc.) should be synced between Okta and Domo.

4. Assign Users to the Domo App in Okta:

• In the Assignments tab in the Okta Domo app, assign users or groups that should be provisioned into Domo.
• Okta will automatically provision those users into Domo based on your settings.

5. Test the SCIM Integration:

• Create or update a user in Okta, assign them to the Domo app, and verify that the user is automatically created or updated in Domo.
• Check if any errors occur in Okta’s provisioning logs and troubleshoot if necessary.

6. Monitor and Manage Users:

• Once set up, Okta will handle the provisioning and de-provisioning of users in Domo based on the assignments in Okta.
• In Domo, you can view and manage users in the Admin section under Users, and check the synchronization status.

7. Additional Tips:

• Group Management: If you want to automate role-based access in Domo (e.g., assigning users to specific groups), Okta supports group push functionality, where you can sync Okta groups with Domo groups.
• Custom SCIM Mappings: You can customize the SCIM attribute mappings in Okta to control what information gets synced to Domo. This is useful if you have custom user fields.

Summary

Enabling SCIM integration between Okta and Domo allows you to automate user provisioning, updates, and deactivation. By configuring the SCIM API in Okta and syncing it with Domo, user onboarding and lifecycle management become streamlined. If you encounter any issues, you can check the logs in both Domo and Okta for errors, and adjust the attribute mappings or provisioning settings as necessary.