Setting up SCIM on Okta

These instructions are for reference only. When implementing a SCIM integration, consider company-specific security policies and best practices. These instructions cover the configuration of SCIM on the IdP's side and contain IdP-specific details. 

This article details how to set up SCIM on Okta for user provisioning to Haiilo. In this article, we assume you are using the same application for SCIM as you use for SSO. You can view instructions for setting up SSO in Okta in Setting up SSO on Okta.

The general instructions and important information for setting up SCIM on Haiilo can be found in the Managing users with SCIM provisioning article. Please review the article before completing the setup.

Set up SCIM on Okta

You need admin rights in your Okta account to set up SCIM.

Enable SCIM provisioning

  1. Log in to the Okta Platform.
  2. Go to Applications.
  3. Find and select the application you created when setting up SSO for Haiilo.
  4. Go to General > App Settings and select Edit.
  5. Check the box for Enable SCIM provisioning.
  6. Select Save.

Establish the connection

  1. Go to the Provisioning tab.
  2. Select Edit.
  3. Configure the following fields:
    SCIM connector base URL https://<your_subdomain>.smarpshare.com/api/scim/v2
    Unique identifier field for users email
    Supported provisioning actions
    • Import New Users and Profile Updates
    • Push New Users
    • Push Profile Updates

    Note: The other actions listed are not supported by Haiilo.
    Authentication Mode HTTP header
    HTTP header: Authorization Your Haiilo access token
  4. Select Test Connector Configuration.
  5. If the connection is successful, select Save.

okta scim.png

Edit mappings

  1. In To App, scroll down to the Haiilo new SSO Attribute Mappings.
  2. Decide which profile fields you want to map for users. You can see a list of supported attributes in Managing users with SCIM provisioning. Below is an example of how the attribute mappings can look:
    Example attribute mappings in Okta

Remove all unsupported attributes from the mappings. They can cause undesirable side effects in the platform if left.

Enable provisioning

  1. Still, in To App, select Edit.
  2. Define which actions you want to enable. We recommend using all actions:
    • Create Users
    • Update User Attributes
    • Deactivate Users. Note! Deactivating a user will delete their Haiilo user account. Deleted accounts cannot be restored. They have to be re-created as new users.
  3. Select Save.

The initial cycle will run shortly after, and any new users will be created on the platform. To provision previously assigned users, select Assignments > Provision user.

Example provisioning of user from Okta to Haiilo.png

Was this article helpful?

0 out of 0 found this helpful