SSO setup OKTA - SCIM integrations

This document is a step-by-step guide to setting up a System for Cross-domain Identity Management (SCIM) integration using Okta. It allows users to fully migrate to using Okta as their identity provider for Vault Platform.

Written by Oluwaseyi Bakare
Updated over 2 weeks ago

💡 Please note that when connected to an Identity Provider (IDP) you will only be able to control users’ access to the resolution hub. All user details and app access will be managed through the IDP.


Features

Vault Platform integration with Okta currently supports the following features.

  • Create Users

  • Update User Attributes

  • Deactivate Users

We currently don’t support the following features:

  • Import Users to Okta from Vault Platform

  • Create/Update/Deactivate Groups

  • Import Groups

  • Sync Password

Requirements

Prerequisites for setting up provisioning for Vault Platform include the following.

  • You must have a slug set up with Vault Platform that is used for SSO and SCIM integrations. If you do not have this, please contact your CSM.

  • You must have data integrations enabled with Vault Platform. If you do not see this tab in the menu bar in your Resolution Hub, or need to find out if you already have these features enabled, please contact your CSM.

Step-by-Step Configuration Instructions:

In Vault Platform

  1. Log in to the Resolution Hub at https://app.vaultplatform.com/login

  2. Navigate to the Data Integrations tab. Please note you are required to have Vault Admin or Super Admin permissions to view this tab. If you still cannot see the Data Integrations tab, please contact your CSM to enable this feature.

  3. Click on the "Select Method" dropdown and select "Okta"

  4. Generate and store a secret password which will be used to validate the SCIM connection. We recommend you follow best practice and create a randomly generated, secure password. Please keep a note of this password for later when you need to enter it into the OKTA Integrations page.

    We suggest using a site like LastPass to generate a secure password, ideally 48 characters long.

  5. Set the SCIM secret location to bearer, paste the saved secret password that you generated into the text box, and check that "Set as active SCIM Provider" is toggled on.

  6. Click the save button to save the provisioning settings.
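The secret from step 4 can also be generated locally instead of on a website. The Python below is an added example, not Vault Platform or Okta code: the alphanumeric alphabet and the helper names are assumptions, and only the 48-character length comes from this guide. It also flags copy/paste damage and gives a short fingerprint for comparing copies of the secret without displaying it.

```python
import hashlib
import math
import secrets
import string

# Assumption: letters and digits only, so the value survives copy/paste
# and needs no escaping inside an HTTP Authorization header.
ALPHABET = string.ascii_letters + string.digits
SECRET_LENGTH = 48  # length suggested in step 4 of this guide


def generate_scim_secret(length=SECRET_LENGTH):
    """Return a random secret drawn from the operating system CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length=SECRET_LENGTH):
    """Entropy, in bits, of a uniformly random secret of this length."""
    return length * math.log2(len(ALPHABET))


def paste_problems(value, length=SECRET_LENGTH):
    """List copy/paste defects that would make two stored copies differ."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    core = value.strip()
    if len(core) != length:
        problems.append(f"length {len(core)}, expected {length}")
    if any(ch not in ALPHABET for ch in core):
        problems.append("characters outside the generated alphabet")
    return problems


def fingerprint(value):
    """Short SHA-256 prefix for comparing copies without showing the secret."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]


if __name__ == "__main__":
    secret = generate_scim_secret()
    print(secret)  # store it in a password manager before pasting it anywhere
    print("fingerprint:", fingerprint(secret))
    print("entropy bits:", round(entropy_bits()))
```

Running paste_problems and fingerprint on the value you are about to paste into the Okta API Token field confirms it still matches the secret saved in Vault Platform.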

In Okta

  1. Log in to your Okta Admin panel. You must have permission to access that admin panel to add the Vault Platform app to your list of applications.

  2. Click on the Provisioning tab, and select Integration, where you can set up your SCIM integration.


  3. Click Configure API Integration and then click Enable API Integration.

  4. Enter the secret API Token here in the format of a bearer token. This is the secret you generated earlier and used in the Vault Platform application.

  5. Click Test API Credentials. You should see a Success message: Vault Platform was verified successfully!

  6. Click save to save the API credentials.

  7. In the Provisioning tab, go to the “To App” section, which should appear on the left-hand side above “To Okta” and “Integration”. Here, please check that provisioning to the app has everything enabled: Create Users, Update User Attributes, Deactivate Users.

  8. You will need to update a profile for mapping Okta users to SCIM. Please navigate in Okta to Directory → Profile Editor and click on Mappings next to the Vault Platform app.

  9. You must now ensure you have the correct mapping for your application from Okta to Vault platform. Click on the To App tab and ensure you have mappings for the following parameters:

  10. Ensure you have the following mappings enabled for Okta to app: Please note: All attributes must be filled in as they are required by Vault Platform.

  11. With all of these set, the configuration is complete and you should be able to use provisioning.

  12. Go to your Assignments tab to add people and groups to be provisioned to your Vault Platform application.

Troubleshooting and Tips

  • Ensure you have the correct authentication methods set and ensure the bearer token you used is the same in the Okta app as it is on Vault Platform Resolution Hub.

  • Ensure you have correctly set up the mapping from Okta to Vault Platform. Any users which do not have all the required fields will not be added to Vault Platform.

  • Ensure you have added users and groups to the app under the assignments tab.

  • Check under the assignments tab that there are no errors (red icons) next to user assignments. These errors will look like the following:


NOTE: We currently do not support updating information from Vault Platform to OKTA and we don’t yet support groups. If you are trying to provision groups you will get errors.

The features we don’t yet support are:

  • Import Users to Okta from Vault Platform

  • Create/Update/Deactivate Groups

  • Import Groups

  • Sync Password

Provisioning users will only give them access to the Vault Platform App on iOS/Android. Permissions to access the Resolution Hub (ResHub) must be granted within the ResHub by a manager, admin or super admin. These users will then use SSO to authenticate and log in to the ResHub.

💡 Note: When users are deactivated in Okta, they will be deactivated in Vault Platform. Users will not be able to log in to the application, but their data will remain available as an ‘inactive user’. To permanently delete user data, contact Vault Platform Support ([email protected]).

Need Further Help?

If you have problems or issues with Vault Platform and Okta, contact the Vault team through our chat in the Resolution Hub and we’ll work with you on it.
