Okta SCIM Integration

swimlane turbine supports scim 2 0 integration with okta use this guide to configure the okta scim 2 0 app, connect it to swimlane, and provision users and groups choose your path goal go to configure the okta scim app provisioning scim application in okta /#provisioning scim application in okta assign users and groups assigning users /#assigning users , assigning groups /#assigning groups , pushing groups /#pushing groups field mapping and api details provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu provisioning scim application in okta log in to okta as an administrator on the left panel, select applications > applications , and click browse app catalog search for scim 2 0 app in the search field click add integration > integrate the app click the provisioning tab and configure api integration enter the following values and click save field value base url https //\<your swimlane host>/tenant/api/account/\<account id>/scim/v2 api token swimlane personal access token (pat) replace \<your swimlane host> with your swimlane turbine hostname and \<account id> with your swimlane account uuid okta sends the pat as the api token; swimlane maps it for scim authentication use a pat for a user with account admin privileges see provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu for authentication, authorization, and field mapping enable provisioning and run test api credentials to confirm the connection assigning users to provision okta users in swimlane turbine, create users in okta, assign the users to a group, and then assign the provisioning app to the group create users in okta in okta, on the left panel, select directory > people , and click add person in the add person dialog box, enter the user details click save or click save and add another to add another user from the assignments tab, click assign from the pop up menu, click assign to people assign any user and verify that the assigned user is added in swimlane swimlane turbine displays only a subset of okta user fields see provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu on the parent scim topic editing or removing users from the assignments tab, click assign click the edit icon next to the user update mapped fields (for example, givenname, familyname, display name) and click save to remove a user assignment, click the delete icon next to the user and click save verify that user information is updated in swimlane in turbine 26 0 0 and later, okta may call scim delete to remove users in earlier versions, de provision users by setting active to false via put or patch see provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu assigning groups if you do not already have user groups set up in your idp, create them first you will assign roles and account access to these groups in swimlane after they sync to learn how to create groups, see your idp documentation assigning users is done using two tabs in the app we recommend selecting users on the assignments tab and associated groups on the push groups tab in the app, click the assignments tab from the assignments form, click assign from the pop up menu, click assign to groups from the assign to groups form, click assign for each group you want to assign to the application click save and go back repeat until all desired groups are assigned to the application click done pushing groups in the app, click the push groups tab from the push groups form, click push groups from the pop up menu, click find groups by name in the search field, enter the first few characters of the group name you want to send to swimlane leave push group memberships immediately checked click your group in the search results list click save , or save and add another to configure more groups without pushing the group, the group does not sync to swimlane turbine after you push a group, it continues to sync until it is deactivated in okta roles are not provisioned through scim; assign roles to synced groups manually in swimlane verify that the group, group members, and user–group associations appear in swimlane turbine see also provisioning with scim integration docid\ ucyk5mly9erosd2 nvjpu — prerequisites, pat authentication, rest endpoints, and field mapping