Okta's SCIM is a great option for minimizing user management over SSO. It allows you to provide your employees with OfficeRnD Workplace without manually creating or importing each one. This way, you can manage users in Okta, and every update will be synced to our platform.
Important
We would recommend that you manage and edit employees only in your Active Directory.
During the initial configuration of the SCIM integration in Okta, Teams from OfficeRnD will be pulled, and Groups will be created for them in Okta. These groups can't be deleted. Please be mindful of that and ensure you have no Teams in OfficeRnD that shouldn't be created in Okta.
OfficeRnD supports a multi-team structure - one employee can be part of several teams. The first synced Okta group will be their Primary team. If they are part of other groups you decide to provision, they will be assigned to the person as additional teams.
Please remember that if an employee leaves the company and their profile is deleted from the Active Directory, they will not be deleted from OfficeRnD Workplace but will be labeled as Former. If they had any bookings in the system, they will be kept as well. Any future bookings of the said employee must be canceled manually.
Enable SCIM in OfficeRnD
Set up SSO using one of the supported options listed here. SCIM cannot be configured without it.
Go to Settings > Integrations and Activate the SCIM User Provisioning integration.
Click Configure to obtain the SCIM Base URL and SCIM Secret:
Set up SCIM in Okta
Open your Okta Workspace account as an Administrator and go to Applications.
Click Browse App Catalog and search for "SCIM".
Select SCIM 2.0 Test App (Header Auth) from the available options.
Click Add Integration.
Disable Browser plugin auto-submit and click Next.
In the Sign-in Options select Secure Web Authentication.
Check the option that is meaningful to your internal policies.
Click Done.
Switch to the Provisioning tab inside the SCIM app interface.
Click Configure API Integration and select Enable API integration.
Open your OfficeRnD, go to Settings > Integrations, and click Configure under the SCIM User Provisioning integration.
Copy and paste the SCIM Base URL into Okta's Base URL field.
Back to OfficeRnD, click to reveal the SCIM Secret, and copy the value.
Paste it in Okta's API Token field and key in Bearer in front of the copied value (e.g. Bearer xxxxxxxxxxxxxxxx)
In OfficeRnD, click Done in the SCIM configuration pop-up.
Now back to Okta, click Test API Credentials. If you have followed the steps, the app will be verified successfully.
Click Save.
Once this is done, you have to configure the provisioning from Okta --> SCIM, e.g., how the sync should work and create Okta users in OfficeRnD. Only a one-way sync is supported for the time being.
Click Edit.
Enable Create Users.
Enable Update User Attributes.
Enable Deactivate Users.
Sync Passwords is not needed.
Click Save.
Switch to SCIM --> okta and ensure Profile & Lifecycle Sourcing is Disabled.
SCIM is now ready, and you can use Okta's functionalities to start providing your users with OfficeRnD Workplace.
Switch to the Assignments tab in your SCIM application - here, you can Assign all Groups whose Users should be synced. This will begin syncing the users in Okta as Employees in OfficeRnD
Next, switch to the Push Groups tab - here, you select which Groups will be created in OfficeRnD as Teams. In doing so, we will begin syncing the Teams in OfficeRnD and assign the employees to their respective teams.