You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/blog/glc-scim-api-integration-with-okta-scim-adapter-1.md
+19-25Lines changed: 19 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,47 +20,44 @@ You can synchronize users and groups from your Okta identity management service
20
20
The Okta SCIM adapter application can be installed from the Okta Integration Network (OIN) into your Okta implementation to allow for integration with a SCIM-compliant API. Any user that needs to be synchronized to HPE GreenLake Flex Solutions must be assigned to the Okta SCIM adapter application in your Okta implementation. Groups whose memberships need to be synced to HPE GreenLake Flex Solutions must be added as a Push Group in the application. Users can be assigned to the application using the same groups that are synchronized to HPE GreenLake Flex Solutions.
21
21
22
22
# Configuring a SCIM application in Okta.
23
-
* Step 1: In the Okta Admin Console, deploy an application from the app catalog:
24
-
a. Go to **Applications** > **Browse App Catalog**.
25
-
b. In the search bar type SCIM 2.0, and find the app called: SCIM 2.0 Test App (OAuth Bearer Token).
26
-
c. Select the application and then click **Add Integration**.
27
23
28
-
* Step 2: In the Add Scim2.0 Test App page, do the following:
24
+
* Step 1: In the Okta Admin Console, deploy an application from the app catalog:\
25
+
a. Go to **Applications** > **Browse App Catalog**.\
26
+
b. In the search bar type SCIM 2.0, and find the app called: SCIM 2.0 Test App (OAuth Bearer Token).\
27
+
c. Select the application and then click **Add Integration**.
28
+
* Step 2: In the Add Scim2.0 Test App page, do the following:\
29
29
a. Change the application label name if you want and make sure **Automatically log in when user lands on login page** is checked.
30
30
31
31
32
32
33
-
<br />
33
+
<br />
34
34
35
-
b. Click **Next**. On the following page, click **Done**.
35
+
b. Click **Next**. On the following page, click **Done**.
36
36
37
-
38
-
Step 3: After the application is created, configure the integration:
39
-
a. Click the **Provisioning** tab, then select **Configure API Integration**.
40
-
b. Select the **Enable API Integration** check box.
41
-
c. In the SCIM 2.0 Base Url field, enter: https://sps.us1.greenlake-hpe.com/v1alpha1/scimproxy.
42
-
d. In the OAuth Bearer Token field: [link to create long-lived tokens for user provisioning] Step 2 & 3
43
-
e. Uncheck the box for the Import Groups option.
37
+
Step 3: After the application is created, configure the integration:\
38
+
a. Click the **Provisioning** tab, then select **Configure API Integration**.\
39
+
b. Select the **Enable API Integration** check box.\
40
+
c. In the SCIM 2.0 Base Url field, enter: https://sps.us1.greenlake-hpe.com/v1alpha1/scimproxy.\
41
+
d. In the OAuth Bearer Token field: \[link to create long-lived tokens for user provisioning] Step 2 & 3\
42
+
e. Uncheck the box for the Import Groups option.\
44
43
f. Test that the URL and token are valid by clicking **Test API Credentials**, then click **Save**. If everything is correct, the following message is shown:
45
44
46
45
* SCIM 2.0 Base Url: https://sps.us1.greenlake-hpe.com/v1alpha1/scimproxy
47
46
* Token: [link to create long-lived tokens for user provisioning](https://developer.hpe.com/blog/configuring-azure-ad-with-long-term-token-for-scim-provisiong/)
48
-
**Step 2 & 3**
47
+
**Step 2 & 3**
49
48
***Uncheck** the box for Import Groups
50
49
51
50
After URL and Token are added test to make sure they are valid by clicking > **Test API****Credentials** and **Save** if everything is correct should return the following message:
52
51
53
52
54
53
55
-
* Step 4. Configure the synchronization settings:
54
+
* Step 4. Configure the synchronization settings:\
56
55
a. Under the **Provisioning** tab > **To App** section, enable these settings:
57
56
58
-
- Create Users
59
-
60
-
- Deactivate Users
57
+
* Create Users
58
+
* Deactivate Users
61
59
62
-
63
-
1)**Create Users** 2)**Deactivate Users**
60
+
1)**Create Users** 2)**Deactivate Users**
64
61
65
62
66
63
@@ -70,13 +67,10 @@ After URL and Token are added test to make sure they are valid by clicking > **T
70
67
71
68
c. Assign the group you want to synchronize to HPE GreenLake Flex Solutions to the SCIM application under the **Application** > **Assignments** tab and add it as a push group in the **Push Groups** tab.
72
69
73
-
74
70
**Assignments** tab:
75
71
76
72
![](/img/scim-group.png"Assignments tab")
77
73
78
-
79
-
80
74
**Push Groups** tab:
81
75
82
76
![](/img/scim-push.png"Push Groups tab:")
@@ -85,4 +79,4 @@ After URL and Token are added test to make sure they are valid by clicking > **T
85
79
Adding the Group Everyone group to the SCIM application could have unintended effects on all users.
86
80
87
81
These are all the steps required to configure a SCIM 2.0 application. Remember that users must be members of a group that is assigned to the SCIM application and that group must be included in a push group.
88
-
Now all configured groups can be pushed into HPE GreenLake Flex Solutions via the Okta SCIM Adapter.
82
+
Now all configured groups can be pushed into HPE GreenLake Flex Solutions via the Okta SCIM Adapter.
0 commit comments