Okta SCIM - Automatic User Provisioning

Requirements:

  1. Configured OKTA SSO application. SCIM application won’t work without it, users won’t be able to login

    Okta SSO instructions

  2. API Token (SCIM bearer token) that will be provided by the Wizer team

  3. Okta administrator account

Instructions for SCIM application setup:

SCIM application should be set up in order for Okta Provisioning (users synchronization) to work. Users will continue to use the SSO application to login.

Instructions:

  1. Click ApplicationsAdd Application

  2. Add SCIM 2.0 Test App (Header Auth) application

  3. Enter Application Label (application name) and make the application invisible for users

  4. Under the Provisioning tab click on the Configure API Integration button

  5. Enter the SCIM Base URL and SCIM Bearer Token

    1. For Base URL enter: https://api.wizer-training.com/api/v1/scim/v2

    2. For API Token enter the value that was provided by the Wizer team (SCIM Bearer Token)

    3. Click Test API Credentials to verify the app

    4. After you get notified that the supplied credentials are authorized, click Save

  6. Under the Sign On tab click on the Edit button

  7. Map Application username format (SCIM Username) to Email. Then click Save

  8. In the Provisioning tab select the To App tab and click Edit

  9. Configure Provisioning settings

    You can enable Create Users, Update User Attributes, and Deactivate Users capabilities

    Our application doesn’t support the “To Okta” Provisioning
  10. Assign Users (user provisioning)

    Only assigned users will appear in Wizer

    We recommend provisioning users through assigning groups

    Assign the same users and group of users as for the SSO application. If some users are assigned to the SCIM application but aren’t assigned to the SSO application, they won’t be able to log in. 

    Under the Assignments tab click on the Assign button and click: 

    1. Assign to People to assign users

    2. Assign to Groups to assign groups of users

       
  11. Provisioning should start immediately, but it may take some time before you start seeing users in Wizer. The first initial sync might take a while, depending on your directory size.

  12. If you experience any issues with provisioning - like a user or group (Wizer department) not showing up in Wizer, it's important to check the logs section for errors. 

Groups Provisioning (OPTIONAL)

By default the SCIM application synchronizes the department field from user profile with Wizer Departments. Following Instructions in this section will allow you to extend this functionality and synchronize Okta groups with Wizer departments.

  1. If you want your Okta groups to be created in Wizer as departments you should Push Okta Groups manually. Each time you push a group, the department gets created in Wizer. However, only those members of the group who are already assigned to the Wizer SCIM application will become the Wizer department’s members.

  2. In the Push Groups tab, click on the Push Groups button and choose - Find Group By Name

    1. Start typing the name of the group you want to synchronize. Select the group in the dropdown and click Save

    2. The group should appear in the By name tab with the “Active” status

      If you rename a Group, you should push the Group again because it becomes disabled.