Okta's SCIM is another great option to minimize user management on top of SSO by provisioning your employees to OfficeRnD Hybrid without the need to manually create or import each one of them here. This way you can manage users in Okta and every update there will be synced to our platform.
Table of Contents
- We recommend managing and editing employees only in your Active Directory.
- During the initial configuration of the SCIM integration in Okta, Teams from OfficeRnD will be pulled and Groups for them will be created into Okta. These groups can’t be deleted. Please be mindful of that and ensure you have no Teams in OfficeRnD that shouldn’t be created in Okta.
- OfficeRnD supports a multi-team structure - one employee can be part of several teams. The first synced Okta group will be their Primary team. If they are part of other groups you decide to provision, they will be assigned to the person as additional teams.
- Please bear in mind that if an employee leaves the company and their profile is deleted from the Active Directory, they will not be deleted from OfficeRnD Hybrid but will be labeled as Former. If they had any bookings in the system, they will be kept as well. Any future bookings of the said employee must be canceled manually.
Enable SCIM in OfficeRnD
Set up SSO with one of the supported options listed here. SCIM cannot be configured without it.
- Navigate to Settings/Integrations and click Configure on your existing SSO Authentication integration.
- Check the Enable SCIM option.
- Click Update.
Set up SCIM in Okta
- Open your Okta Workspace account as an Administrator and navigate to Applications.
- Click Browse App Catalog and search for SCIM.
- Select SCIM 2.0 Test App (Header Auth) from the available options.
- Click Add Integration.
- Disable Browser plugin auto-submit and click Next.
- In the Sign-in Options select Secure Web Authentication.
- Check the option that is meaningful to your internal policies.
- Click Done.
- Switch to the Provisioning tab inside the SCIM app interface.
- Click Configure API Integration and check Enable API integration.
- Open your OfficeRnD, navigate to Settings/Integrations and click Configure on your existing SSO integration.
- Copy the SCIM Base URL and paste it into Okta's Base URL field.
- Back to OfficeRnD, click to reveal the SCIM Secret and copy the value.
- Paste it in Okta's API Token field and key in Bearer in front of the copied value (e.g Bearer xxxxxxxxxxxxxxxx)
- In OfficeRnD, click Update in the SSO/SCIM configuration pop-up.
- Now back to Okta, click Test API Credentials. If you have followed the steps, the app will be verified successfully.
- Hit Save.
- Once this is done, you have to configure the provisioning from okta --> SCIM, e.g how the sync should work and create Okta users in OfficeRnD. Only a one-way sync is supported for the time being.
- Click Edit.
- Enable Create Users.
- Enable Update User Attributes.
- Enable Deactivate Users.
- Sync Passwords is not needed.
- Hit Save.
- Switch to SCIM --> okta and make sure Profile & Lifecycle Sourcing is Disabled.
SCIM is now ready and you can use Okta's functionalities to start provisioning your users to OfficeRnD Hybrid.
- Switch to the Assignments tab in your SCIM application - here you can Assign all Groups whose Users should be synced. This will begin syncing the users in Okta as Employees in OfficeRnD
- Next, switch to Push Groups tab - here you select which Groups will be created in OfficeRnD as Teams. Doing so will begin syncing the Teams in OfficeRnD and will assign the employees in their respective teams.