Loading
Salesforce now sends email only from verified domains. Read More
Own from Salesforce
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set Up Okta SCIM Provisioning

            You are here:

            1. Salesforce Help
            2. Docs
            3. Own from Salesforce

            Set Up Okta SCIM Provisioning

            Integrate Okta with Own application using the SCIM token and SCIM URL.

            For detailed information, see the OKTA documentation for App integrations.

            Okta SCIM provisioning is a two-part process consisting of first creating the SCIM app (API integration) followed by configuring the app.

            Own supports Okta SCIM provisioning for individuals or for groups.

            To provision a new user to specific Own regions, create a new group configured with an attribute corresponding to Own regions and add the user to the group.

            Own doesn't support Okta SCIM provisioning for Push Groups.

            1. Create the SCIM App
              1. Click Browse App Catalog and add app: SCIM 2.0 Test App (Header Auth).
              2. Go to the Provisioning tab and configure the API integration using the parameters generated from your Own app:
              • In the Base URL field, enter the SCIM URL.
              • In the API Token field, enter the SCIM Token.
            2. Configure the SCIM App
              1. Go to the Provisioning tab and Configure the SCIM App.
              2. Enable the app for:
                • Create Users
                • Deactivate Users
                Update User Attributes is unsupported.
            3. Assignments: Own supports both assignment to people and assignment to groups.
              Adjustments, for example changing the role, are made through the Own Application UI.
              1. Assign to People: Select a person to assign to.
                This creates a user in all regions with the role of Read-only in the Default Business Unit.
                For multi-region accounts, to assign to a specific region, add a new regions attribute. See Add Attribute.
              2. Assign to Groups with Regions Attribute. Users created via SCIM integration are assigned the role of Read-only in the Default Business Unit.
              Note
              Note

              The business unit requires the name Default Business Unit.

              Deleting or changing the business unit name causes the integration to fail.

            4. Add Attribute:
              1. Go to SCIM Application, Provisioning.
              2. Under Attribute Mappings click Go to Profile Editor and add the attribute:
                • Display name: regions
                • Variable name: regions
                • External name: regions
                • External namespace: urn:ietf:params:scim:schemas:core:2.0
            5. Configure Regions: When assigning the SCIM App, under the regions attribute, enter a comma-separated list of the required Own regions. For example: us1,emea2

            To update an existing user's access from an existing region to a new region remove the user from the existing regions attribute in the IdP then assign the user to the new regions attribute in the IdP.

             
            Loading
            Salesforce Help | Article