Overview
Prior to configuring and testing Responsive in Okta, ensure that the SCIM feature is enabled for your company in Responsive.
Troubleshooting and tips
- If the SCIM feature is not enabled for your company in Responsive, testing your connection fails with a 403 response code.
- Ensure a default role and business unit are selected at the application level in Organization Settings > Security before proceeding with the setup in the Okta.
- Email addresses are the primary/unique identifier, so ensure they get mapped.
- The rfpio_user_role and costCenter (business unit in Responsive) fields are non-editable. These are set during creation/app assignment.
- The Responsive username must be unique.
- userName and email address are the same in the Responsive side.
- userName is a non-editable field.
Select the applicable tab for your edition of Responsive.
-
Configuring user provisioning in Okta
- Login to Okta and go to the Applications page.
- Click Browse App Catalog. The Browse App Integration Catalog page appears.
- Type Responsive in the Search field and click Responsive from the search results.
- Click Add Integration. The Add Responsive-General settings tab displays.
- Click Next to go to the Sign-On Options page.
- Select Email from the Application username format drop-down list; then click Done.
Generating an OAuth Bearer Token from Responsive- Go to Organization Settings > Security > SCIM and turn on the Auto User Provisioning toggle.
- Click Generate SCIM API Token, select the appropriate options from the Default Business Unit (if enabled) and Default User Role drop-down lists, then click Save. A warning message displays alerting you to copy your API token and store it.
- Click Got It! on the warning message. The SCIM window displays.
- Click the Copy icon to copy the token, then click Save.
- Go to Okta > Provisioning.
- Click Configure API Integration.
- Enable API Integration and paste the copied API token in the OAuth Bearer Token field.
Sample API Token: s-8c7d34c30c17092bsdffdfdsergnghuy201e67-5c6426ce9b2ffe0ererer5b4 - Type https://app.rfpio.com/rfpserver/scim/v2 in the SCIM 2.0 Base URL field, then click Test API Credentials.
- Click Save once the credentials are tested successfully.
- Click the To App tab and click Edit.
- Select the checkboxes for Create Users, Update User Attributes, and Deactivate Users, then click Save.
Supporting attributes
Attribute
Value
Given name
user.firstName
Family name
user.lastName
Title
user.title
Primaryphone
user.primaryPhone
Time zone
user.timezone
*Cost center(optional & custom)
user.costCenter (This is applicable only if business unit is enabled in Responsive)
*rfpio_user_role(optional & custom)
user.user_role (Responsive Internal value which specifies the role name. If not given while provisioning, default role would be set)
Note: Cost center and user role are optional attributes. The default value for these can be set in Responsive while generating the bearer token.
- Click the To Okta tab, then scroll down and click Go to Profile Editor.
- Click Add Attribute.
- The Add Attribute pop-up displays. Enter the following values in the respective fields, then click Save.
- Display Name field: Type rfpio_user_role
- Variable Name field: Type rfpio_user_role
- Description field: Enter the internal value that indicates the role name in Responsive. This must match with the available role names in the Responsive account.
The newly added attribute displays as shown below:
- Click the Provisioning tab, then scroll down and click Go to Profile Editor.
- Click Mappings to map the attributes.
- The User Profile Mappings page displays. Click the Responsive to Okta tab and then map the rfpio_user_role attribute to user_role from the drop-down.
- Click the Okta to Responsive tab and then map the user_role attribute to rfpio_user_role from the drop-down.
- Click Save Mappings.
- The Responsive SCIM User Profile Mappings page displays. Click Apply updates now.
Once the attribute is mapped, it displays as shown below:- Responsive To App Mapping:
- Responsive To Okta Mapping:
- Responsive To App Mapping:
User provisioning/deprovisioning in Responsive
The following items regarding user provisioning/deprovisioning are covered below:
- Adding users
- Updating users
- Deleting users
Adding users
Once users are assigned to the SCIM application, they are added to Responsive along with their role. If a role or BU is not specified in the users profile, the default role (Team Member) or default BU is assigned to them.
- In SCIM:
- In Responsive:
Updating users
User profiles are updated in Responsive when any of the below attributes are modified for the assigned application user in Okta:
- Given name
- Family name
- Primary phone
- Title
- Time Zone
Emails, user roles, and BUs cannot be updated; they can be set only during user creation.
Deleting users
If users are removed from the SCIM application, they are rendered inactive in Responsive. To delete a user from SCIM:
- Click the Delete icon associated with the user to be removed.
- Click OK on the confirmation pop-up.
-
Essentials features are subscription-based and may not be available for all users. Contact your account manager, or accountmanagers@responsive.io, for more details.
Configuring user provisioning in Okta
- Login to Okta and go to the Applications page.
- Click Browse App Catalog. The Browse App Integration Catalog page appears.
- Type Responsive in the Search field and click Responsive from the search results.
- Click Add Integration. The Add Responsive-General settings tab displays.
- Click Next to go to the Sign-On Options page.
- Select Email from the Application username format drop-down list; then click Done.
Generating an OAuth Bearer Token from Responsive-
- Go to Organization Settings > Security > SCIM and turn on the Auto User Provisioning toggle.
- Click Generate SCIM API Token, select the appropriate options from the Default Business Unit (if enabled) and Default User Role drop-down lists, then click Save. A warning message displays alerting you to copy your API token and store it.
- Click Got It! on the warning message. The SCIM window displays.
- Click the Copy icon to copy the token, then click Save.
- Go to Okta > Provisioning.
- Click Configure API Integration.
- Enable API Integration and paste the copied API token in the OAuth Bearer Token field.
Sample API Token: s-8c7d34c30c17092bsdffdfdsergnghuy201e67-5c6426ce9b2ffe0ererer5b4 - Type https://app.rfpio.com/rfpserver/scim/v2 in the SCIM 2.0 Base URL field, then click Test API Credentials.
- Click Save once the credentials are tested successfully.
- Click the To App tab and click Edit.
- Select the checkboxes for Create Users, Update User Attributes, and Deactivate Users, then click Save.
Supporting attributes
Attribute
Value
Given name
user.firstName
Family name
user.lastName
Title
user.title
Primaryphone
user.primaryPhone
Time zone
user.timezone
*Cost center(optional & custom)
user.costCenter (This is applicable only if business unit is enabled in Responsive)
*rfpio_user_role(optional & custom)
user.user_role (Responsive Internal value which specifies the role name. If not given while provisioning, default role would be set)
Note: Cost center and user role are optional attributes. The default value for these can be set in Responsive while generating the bearer token.
- Click the To Okta tab, then scroll down and click Go to Profile Editor.
- Click Add Attribute.
- The Add Attribute pop-up displays. Enter the following values in the respective fields, then click Save.
- Display Name field: Type rfpio_user_role
- Variable Name field: Type rfpio_user_role
- Description field: Enter the internal value that indicates the role name in Responsive. This must match with the available role names in the Responsive account.
The newly added attribute displays as shown below:
- Click the Provisioning tab, then scroll down and click Go to Profile Editor.
- Click Mappings to map the attributes.
- The User Profile Mappings page displays. Click the Responsive to Okta tab and then map the rfpio_user_role attribute to user_role from the drop-down.
- Click the Okta to Responsive tab and then map the user_role attribute to rfpio_user_role from the drop-down.
- Click Save Mappings.
- The Responsive SCIM User Profile Mappings page displays. Click Apply updates now.
Once the attribute is mapped, it displays as shown below:- Responsive To App Mapping:
- Responsive To Okta Mapping:
- Responsive To App Mapping:
User provisioning/deprovisioning in Responsive
The following items regarding user provisioning/deprovisioning are covered below:
- Adding users
- Updating users
- Deleting users
Adding users
Once users are assigned to the SCIM application, they are added to Responsive along with their role. If a role or BU is not specified in the users profile, the default role (Team Member) or default BU is assigned to them.
- In SCIM:
- In Responsive:
- Go to Organization Settings > Security > SCIM and turn on the Auto User Provisioning toggle.
Updating users
User profiles are updated in Responsive when any of the below attributes are modified for the assigned application user in Okta:
- Given name
- Family name
- Primary phone
- Title
- Time Zone
Emails, user roles, and BUs cannot be updated; they can be set only during user creation.
Deleting users
If users are removed from the SCIM application, they are rendered inactive in Responsive. To delete a user from SCIM:
- Click the Delete icon associated with the user to be removed.
- Click OK on the confirmation pop-up.