How to configure SCIM 2.0 with Okta – Rhombus Systems

The Okta / Rhombus SCIM integration currently supports the following provisioning features:

Create Users: Users created in Okta will automatically get provisioned in Rhombus
Update User Attributes: Changes to user profile in Okta will be pushed to Rhombus
Deactivate Users: Users deactivated in Okta will get deleted from Rhombus
Reactivate Users: Users reactivated in Okta will get provisioned in Rhombus
Import users: Users in Rhombus can be imported in to Okta

The following Okta user attributes will be synchronized to Rhombus:

Configuration Steps:

Step 1:

Generate the SCIM API key by going to Settings -> Single Sign-On

Step 2:

Step 3:

Under the Provisioning tab for Rhombus Systems App in Okta Click “To App”
Modify the Attribute “roles” of Attribute Type “Group” to the desired value or expression matching the Roles created in Rhombus Systems and choose Apply on “Create and Update”

Step 4:

Requirements:

The “roles” group attribute should be present unless Add Users on Role Mismatch is enabled on the Rhombus Console

Known Issues/Troubleshooting:

When users are deactivated in Okta they will get deleted from Rhombus for security measures. As Okta does not support delete requests, Rhombus will delete user accounts when Okta reports a user status update changing active=false.
Primary Email is only used for importing users from Rhombus and is not used for pushing user updates
Updating Usernames for Users is not supported by Rhombus
Even though Okta allows multiple Roles to be assigned to the user, Rhombus will only use a single role. We will use the first matching role when new users are pushed.
Users with empty First/Last cannot be imported in to Okta as OKTA requires both these parameters to be present