The Okta / Rhombus SCIM integration currently supports the following provisioning features:
- Create Users: Users created in Okta will automatically get provisioned in Rhombus
- Update User Attributes: Changes to a user's profile in Okta will be pushed to Rhombus
- Deactivate Users: Users deactivated in Okta will get deleted from Rhombus
- Reactivate Users: Users reactivated in Okta will get provisioned in Rhombus
- Import Users: Users in Rhombus can be imported into Okta
The following Okta user attributes will be synchronized to Rhombus:
- First Name
- Last Name
- Roles
Configuration Steps:
Step 1:
Generate the SCIM API key by going to Settings -> Single Sign-On
Step 2:
- Log in to your Okta account
- Go to the Provisioning tab in the Rhombus Systems App
- Click on API Integration
- Check Enable API Integration
- Enter the base URL and API token from Step 1
- Click Test API Credentials
- Click Save
Step 3:
- Under the Provisioning tab for the Rhombus Systems App in Okta, click “To App”
- Modify the Attribute “roles” of Attribute Type “Group” to the desired value or expression matching the Roles created in Rhombus Systems, and choose Apply on “Create and Update”
Step 4:
- Force Sync
Requirements:
- The “roles” group attribute should be present unless Add Users on Role Mismatch is enabled on the Rhombus Console
Known Issues/Troubleshooting:
- When users are deactivated in Okta, they are deleted from Rhombus as a security measure. Because Okta does not support delete requests, Rhombus deletes the user account when Okta reports a user status update setting active=false.
- Primary Email is only used for importing users from Rhombus and is not used for pushing user updates
- Updating Usernames for Users is not supported by Rhombus
- Even though Okta allows multiple Roles to be assigned to the user, Rhombus will only use a single role. We will use the first matching role when new users are pushed.
- Users with an empty First/Last Name cannot be imported into Okta, as Okta requires both of these parameters to be present
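
The deactivation behaviour described under Known Issues, sketched from the receiving side as an added example (this is not Rhombus or Okta code). It assumes the status change arrives as a SCIM 2.0 PatchOp message (RFC 7644); the function names and sample messages are hypothetical and constructed for illustration.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def _as_bool(value):
    # Tolerate clients that serialise booleans as strings ("false").
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"'active' is not a boolean: {value!r}")

def active_after_patch(body):
    """Return the value a PatchOp assigns to 'active', or None if untouched."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM 2.0 PatchOp message")
    result = None
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue
        path, value = op.get("path"), op.get("value")
        if path is None and isinstance(value, dict):
            # Path-less form: value is an object of attribute assignments.
            for name, v in value.items():
                if name.lower() == "active":
                    result = _as_bool(v)
        elif isinstance(path, str) and path.lower() == "active":
            # Path form: {"op": "replace", "path": "active", "value": false}
            result = _as_bool(value)
    return result

def plan_action(body):
    """Map a PatchOp to the outcome this page describes (hypothetical helper)."""
    active = active_after_patch(body)
    if active is False:
        return "delete"      # deactivation in the IdP removes the account
    if active is True:
        return "provision"   # reactivation provisions the user again
    return "update"          # ordinary attribute change

# Constructed sample messages, not captured traffic.
DEACTIVATE = {"schemas": [PATCH_SCHEMA],
              "Operations": [{"op": "replace", "value": {"active": False}}]}
REACTIVATE = {"schemas": [PATCH_SCHEMA],
              "Operations": [{"op": "Replace", "path": "active", "value": "true"}]}
RENAME = {"schemas": [PATCH_SCHEMA],
          "Operations": [{"op": "replace", "path": "name.givenName", "value": "Ada"}]}

if __name__ == "__main__":
    for msg in (DEACTIVATE, REACTIVATE, RENAME):
        print(plan_action(msg))
```

Because a deactivation maps to a deletion rather than a suspension, logging every message that resolves to "delete" gives an audit trail for accounts removed through the identity provider.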