Save as PDF

User Provisioning in Okta

Overview

Prior to configuring and testing Responsive in Okta, ensure that the SCIM feature is enabled for your company in Responsive.

Troubleshooting and Tips

  • If the SCIM feature is not enabled for your company in Responsive, testing your connection fails with a 403 response code.
  • Ensure a default role and business unit are selected at the application level in Organization Settings > Security before proceeding with the setup in the Okta.
  • Email addresses are the primary/unique identifier, so ensure they get mapped.
  • The rfpio_user_role and costCenter (business unit in Responsive) fields are non-editable. These are set during creation/app assignment.
  • The Responsive username must be unique.
    • userName and email address are the same in the Responsive side.
    • userName is a non-editable field.

Select the applicable tab for your edition of Responsive.

  • Configuring User Provisioning in Okta

    1. Login to Okta and click the Applications tab, then click Add Application.
      mceclip0.png
    2. Type Responsive in the Search field and click Add. The Add Responsive-General Settings tab displays.
      mceclip1.png
    3. Click Next to go to the Sign-On Options page.
      mceclip2.png
    4. Select Email from the Application username format drop-down list; then click Done.
      mceclip3.png

    Generating an OAuth Bearer Token from Responsive

    1. Go to Organization Settings > Security > SCIM and turn on the Auto User Provisioning toggle.
      mceclip4.png
    2. Click Generate SCIM API Token, select the appropriate options from the Default Business Unit (if enabled) and Default User Role drop-down lists, then click Submit. A warning message displays alerting you to copy your API token and store it.
      mceclip5.png

      mceclip6.png
    3. Click Got It! on the warning message. The SCIM window displays.
    4. Click the Copy icon to copy the token, then click Submit.
      2020-07-22_15-17-13.png
    5. Go to Okta > Provisioning > Integration and paste the copied API token in the OAuth Bearer Token field.
      Sample API Token: s-8c7d34c30c17092bsdffdfdsergnghuy201e67-5c6426ce9b2ffe0ererer5b4
      mceclip8.png
    6. Type https://app.rfpio.com/rfpserver/scim/v2 in the SCIM 2.0 Base URL field, then click Test API Credentials.
    7. Click Save once the credentials are tested successfully.
    8. Click the To App tab and click Edit.

    mceclip9.png

    1. Check the Create Users, Update User Attributes, and Deactivate Users boxes, then click Save.

    mceclip10.png

     Supporting Attributes

    Attribute

    Value

    Given name

    user.firstName

    Family name

    user.lastName

    Title

    user.title

    Primaryphone

    user.primaryPhone

    Time zone

    user.timezone

    *Cost center(optional & custom)

    user.costCenter (This is applicable only if business unit is enabled in Responsive)

    *rfpio_user_role(optional & custom)

    user.user_role (Responsive Internal value which specifies the role name. If not given while provisioning, default role would be set)

    Note: Cost center and user role are optional attributes. The default value for these can be set in Responsive while generating the bearer token.

    1. Click the To Okta tab, then scroll down and click Go to Profile Editor.
      mceclip12.png
    2. Click Add Attribute.

    mceclip13.png

    1. The Add Attribute pop-up displays. Enter the following values in the respective fields, then click Save.
      mceclip15.png
      • Display Name field: Type rfpio_user_role
      • Variable Name field: Type rfpio_user_role_user_role
      • Description field: Enter the internal value that indicates the role name in Responsive. This must match with the available role names in the Responsive account.

        The newly added attribute displays as shown below:

        mceclip14.png
    2. Click the Provisioning tab, then scroll down and click Go to Profile Editor.

    mceclip16.png

    1. Click Mappings to map the attributes.

    mceclip17.png

    1. The User Profile Mappings page displays. Click the Responsive to Okta tab and then map the rfpio_user_role attribute to user_role from the drop-down.

    mceclip18.png

    1. Click the Okta to Responsive tab and then map the user_role attribute to rfpio_user_role from the drop-down.

    mceclip19.png

    1. Click Save Mappings.

    mceclip20.png

    1. The Responsive SCIM User Profile Mappings page displays. Click Apply updates now.
      mceclip21.png
      Once the attribute is mapped, it displays as shown below:
      • Responsive To App Mapping:
        mceclip22.png
      • Responsive To Okta Mapping:
        mceclip23.png

    User Provisioning/Deprovisioning in Responsive

    The following items regarding user provisioning/deprovisioning are covered below:

    • Adding users
    • Updating users
    • Deleting users

    Adding Users

    Once users are assigned to the SCIM application, they are added to Responsive along with their role. If a role or BU is not specified in the users profile, the default role (Team Member) or default BU is assigned to them.

    • In SCIM:
      mceclip24.png
    • In Responsive:
      mceclip25.png

    Updating Users

    User profiles are updated in Responsive when any of the below attributes are modified for the assigned application user in Okta:

    • Given name
    • Family name
    • Primary phone
    • Title
    • Time Zone

    Emails, user roles, and BUs cannot be updated; they can be set only during user creation.

    Deleting Users

    If users are removed from the SCIM application, they are rendered inactive in Responsive. To delete a user from SCIM:

    1. Click the Delete icon associated with the user to be removed.
      mceclip26.png
    2. Click OK on the confirmation pop-up.
      mceclip27.png
  • Essentials features are subscription-based and may not be available for all users. Contact your account manager, or accountmanagers@responsive.io, for more details.

    Configuring User Provisioning in Okta

    1. Login to Okta and click the Applications tab, then click Add Application.
      mceclip0.png
    2. Type Responsive in the Search field and click Add. The Add Responsive-General Settings tab displays.
      mceclip1.png
    3. Click Next to go to the Sign-On Options page.
      mceclip2.png
    4. Select Email from the Application username format drop-down list; then click Done.
      mceclip3.png

    Generating an OAuth Bearer Token from Responsive

    1. Go to Organization Settings > Security > SCIM and turn on the Auto User Provisioning toggle.
      mceclip4.png
    2. Click Generate SCIM API Token, select the appropriate options from the Default Business Unit (if enabled) and Default User Role drop-down lists, then click Submit. A warning message displays alerting you to copy your API token and store it.
      mceclip5.png

      mceclip6.png
    3. Click Got It! on the warning message. The SCIM window displays.
    4. Click the Copy icon to copy the token, then click Submit.
      2020-07-22_15-17-13.png
    5. Go to Okta > Provisioning > Integration and paste the copied API token in the OAuth Bearer Token field.
      Sample API Token: s-8c7d34c30c17092bsdffdfdsergnghuy201e67-5c6426ce9b2ffe0ererer5b4
      mceclip8.png
    6. Type https://app.rfpio.com/rfpserver/scim/v2 in the SCIM 2.0 Base URL field, then click Test API Credentials.
    7. Click Save once the credentials are tested successfully.
    8. Click the To App tab and click Edit.

    mceclip9.png

    1. Check the Create Users, Update User Attributes, and Deactivate Users boxes, then click Save.

    mceclip10.png

     Supporting Attributes

    Attribute

    Value

    Given name

    user.firstName

    Family name

    user.lastName

    Title

    user.title

    Primaryphone

    user.primaryPhone

    Time zone

    user.timezone

    *Cost center(optional & custom)

    user.costCenter (This is applicable only if business unit is enabled in Responsive)

    *rfpio_user_role(optional & custom)

    user.user_role (Responsive Internal value which specifies the role name. If not given while provisioning, default role would be set)

    Note: Cost center and user role are optional attributes. The default value for these can be set in Responsive while generating the bearer token.

    1. Click the To Okta tab, then scroll down and click Go to Profile Editor.
      mceclip12.png
    2. Click Add Attribute.

    mceclip13.png

    1. The Add Attribute pop-up displays. Enter the following values in the respective fields, then click Save.
      mceclip15.png
      • Display Name field: Type rfpio_user_role
      • Variable Name field: Type rfpio_user_role_user_role
      • Description field: Enter the internal value that indicates the role name in Responsive. This must match with the available role names in the Responsive account.

        The newly added attribute displays as shown below:

        mceclip14.png
    2. Click the Provisioning tab, then scroll down and click Go to Profile Editor.

    mceclip16.png

    1. Click Mappings to map the attributes.

    mceclip17.png

    1. The User Profile Mappings page displays. Click the Responsive to Okta tab and then map the rfpio_user_role attribute to user_role from the drop-down.

    mceclip18.png

    1. Click the Okta to Responsive tab and then map the user_role attribute to rfpio_user_role from the drop-down.

    mceclip19.png

    1. Click Save Mappings.

    mceclip20.png

    1. The Responsive SCIM User Profile Mappings page displays. Click Apply updates now.
      mceclip21.png
      Once the attribute is mapped, it displays as shown below:
      • Responsive To App Mapping:
        mceclip22.png
      • Responsive To Okta Mapping:
        mceclip23.png

    User Provisioning/Deprovisioning in Responsive

    The following items regarding user provisioning/deprovisioning are covered below:

    • Adding users
    • Updating users
    • Deleting users

    Adding Users

    Once users are assigned to the SCIM application, they are added to Responsive along with their role. If a role or BU is not specified in the users profile, the default role (Team Member) or default BU is assigned to them.

    • In SCIM:
      mceclip24.png
    • In Responsive:
      mceclip25.png

    Updating Users

    User profiles are updated in Responsive when any of the below attributes are modified for the assigned application user in Okta:

    • Given name
    • Family name
    • Primary phone
    • Title
    • Time Zone

    Emails, user roles, and BUs cannot be updated; they can be set only during user creation.

    Deleting Users

    If users are removed from the SCIM application, they are rendered inactive in Responsive. To delete a user from SCIM:

    1. Click the Delete icon associated with the user to be removed.
      mceclip26.png
    2. Click OK on the confirmation pop-up.
      mceclip27.png

Was this article helpful?

/