This article will show you how to set up a SCIM API integration with Okta to provision, update and remove user accounts.
You can follow the guide below or watch the following configuration video:
________________________________________________________________________________________
Before you start, you need to already have an active SSO connection with Okta.
To learn how to set up SSO through Okta, please check our guide on How to set up Okta for Authentication.
________________________________________________________________________________________
Enabling the integration
Start by creating a new SCIM integration in Reward Manager.
Go to Integrations > Explore and search for SCIM API, then click on Create new SCIM API.
You will be led to the integration setup page where you can generate the Bearer Token and get the SCIM URL you will need to add on Okta’s side.
Next, on Okta, go to the Reward Gateway application you have already created through the Applications tab on the left.
Once in the RG app, go to General and under App Settings, click on Edit in the top right. Select SCIM next to Provisioning and click Save. A new tab named Provisioning will appear between Sign On and Import.
Click on the new Provisioning tab, then Edit next to SCIM Connection.
Go back to Reward Manager, copy the SCIM URL (v2)
and paste it into the SCIM connector base URL field on Okta:
Enter the relevant unique identifier name:
Select the actions you will be performing through this connection:
Pick HTTP Header as the Authentication Mode which will allow you to enter the bearer token in the right format:
To obtain the token, go back to Reward Manger and click on Generate OAuth Bearer Token:
Copy the token, paste it into the token field on Okta and click on Test Connector Configuration:
Once you see the confirmation message, close the window and click Save.
Don’t forget to also finish the SCIM API integration setup in Reward Manager.
Tick the following box if you wish to set this integration as the primary (expected) method of updating user accounts:
And select whether new users should receive Welcome e-mails as soon as they are provisioned:
Scroll down and click Save to enable the integration and make it live.
Go back to Okta - once you have saved the SCIM integration, you will see the following To App Settings section:
Click on Edit and enable the following actions to allow the connection to create, update and delete users, then save:
Your integration is now ready to push new updates to member profiles on the RG system. While on the same page (Settings > To App), you can scroll down and use the Force Sync button to push an on-demand update. This will ensure that membership eligibility and member details in Reward Manager match those on Okta.
How to enable the Debug Mode and capture logs?
You can find the Debug Mode by going to the SCIM API integraton > Tools > Debug.
Please, note that while the Debug Mode is enabled, you won't be able to edit your integration.
Click on Enable Debug Mode.
You would need to make some sample SCIM requests. We will capture them in real-time and show you the logs if there are any errors.
Membership Update History (Logs)
Please, note that Okta updates will not appear under Members > Membership Update History in Reward Manager.
Automatic provisioning of an account via Okta happens in real time and updating of account details happens in real time as well.
Since for a single account in a given day, there can be multiple sync attempts, we are not able to store a log for every single attempt.
You can check the provisioning history and any errors in the 'View Logs' section in your app:
Comments
0 comments
Please sign in to leave a comment.