SCIM User Provisioning With Okta

Manage user identities in Process Street with SCIM via Okta.

SCIM (System for Cross-Domain Identity Management)  allows you to add and remove users that you have set up in Okta.

Securely set up user roles and access to Process Street programmatically.

Plan: SCIM is an Enterprise add-on. If you are interested in enabling SCIM for your company, contact our support team, your CSM or your Account Executive.

Users: To create an API key you must be an administrator.

Docs: SCIM | Okta

SCIM Configuration for Okta

To enable SCIM on your account you will need to have your organization domain(s) registered in Process Street. Contact our support team to set this up for you.

You will also need to have an SSO integration that supports SCIM provisioning. Once that’s in place you can go ahead and follow the configuration steps.

There are three steps to set up SCIM with Process Street:

  1. Create and connect the SCIM application
  2. Enable provisioning
  3. Set up provisioning
  4. Assign users to Process Street

1. Create/Connect the Process Street SCIM Application

  • From the tenant overview screen click Applications from the left menu
  • Click Create App Integration
  • You can use a pre-built SCIM app called “Add SCIM 2.0 Test App (OAuth Bearer Token)” to help you get set up
  • In the general settings, give the app a name e.g. Process Street
  • Un-check the box for “Browser plug-in auto-submit”
  • Click Next
  • In sign-on methods, select the application username format “Okta username”
  • Click Done

2. Enable provisioning

  • Navigate to the provisioning tab
  • Click Configure API Integration
  • Check the box to Enable API Integration
  • In the URL field, add this URL: https://public-api.process.st/api/scim
  • Add your API from Process Street as the bearer token

Generate your API key in Process Street

You can generate and name a new API key from the integrations page in your Process Street organization manager area.

The name of your API key will show in notification emails sent to users you have provisioned, so it’s best practice to change the default label to avoid confusion.

  • Click Test API Credentials
  • Click Save

3. Set up provisioning

  • Choose from Okta to SCIM
  • In the attribute mapping, ensure that these fields are mapped:
    • given name (map from okta profile)
    • family name (map from okta profile)
    • primary email
    • primary email type
    • display name
    • user type (this determines the user’s role in Process Street)
  • Remove any of the other fields that you don’t wish to map
  • Scroll up and edit the enablement steps. Check the boxes for:
    • Create users
    • Update user attributes
    • Deactivate users
  • Click Save

Assign users to Process Street

  • Click on the assignments tab
  • Click Assign, then Assign to people
  • Search for the user you’d like to add, click Assign
  • Scroll down and enter the user type as either Admin, FullMember, FreeMember or Guest (If no user type is selected, the default is that users will be added as a free member)
  • Save and go back to add more users

Note: When adding FullMember or FreeMember, there should be no space between Full and Member or Free and Member.

FAQ’s

Can I add existing users in Process Street to Okta to manage them?
Yes, ensure that you have the email address and the exact user name from Process Street and you can add them into Okta.


 

 

Was this article helpful?

Related Articles