Before You Begin
Important: Before you set up SCIM with Okta, you will need to open a support ticket with Infosec to enable provisioning on your Infosec IQ account. The provisioning settings are not available by default.
Most of the time you will want to also use Okta for SSO. If that is the case, you should first configure an Okta SSO application by following the instructions in Okta SSO Configuration.
Enable SCIM Provisioning in Okta
You’ll need access to your organization’s Okta admin console and admin access to Infosec IQ in order to complete these steps.
- Navigate to the Infosec application in Okta that you set up previously (see above).
- On the General tab, select the Edit button for the App Settings section.
- Check the box next to Provisioning that says Enable SCIM provisioning.
- Open the Infosec Accounts dashboard by navigating to Infosec IQ, clicking the gear icon in the top right corner, and selecting Learner Authentication (SSO).
- Select the Provisioning tab.
- To proceed in Okta, you’ll need two things from this page: the Service Provider URL and a personal access token.
  - Service Provider URL: You can find this at the bottom of this page.
  - Personal access token: Select ‘create a new one’ in the text above the provider URL. Give the token a name and expiration date. Leave the SCIM provisioning box checked, and click Save. Take note of the token (note: you will not be able to retrieve this later).
- Back in Okta, navigate to the Provisioning tab. Under Settings select Integration. Click Edit in the SCIM Connection section.
- Fill in the following settings:
  - SCIM connector base URL: Fill with the Service Provider URL you just collected from Infosec.
  - Unique identifier field for users: Fill with the word ‘email’.
  - Supported provisioning actions: Check the ‘Push New Users’, ‘Push Profile Updates’, and ‘Push Groups’ boxes.
  - Authentication Mode: Set to ‘HTTP Header’.
  - Authorization (Bearer): Fill with the personal access token you just collected from Infosec.
- Click the Test Connector Configuration button to ensure that the connection is working. If the test is successful, click Save.
- Next, click To App under Settings, then click the blue Edit button on the right.
- Check the Enable boxes in each of the following three sections: Create Users, Update User Attributes, and Deactivated Users, so that it matches the image below. Click Save.
Now, all users and groups assigned to the application in the Assignments tab of Okta will sync into Infosec Accounts. They will not yet show up in the Learners section of Infosec IQ. To turn on the sync from Infosec Accounts to Infosec IQ, follow the remaining steps:
- Navigate back to the Infosec Accounts Dashboard and select the Overview tab.
- Check the Sync Enabled? box in the Application links section.
Manage the sync from Infosec Accounts to Infosec IQ
As mentioned in the instructions above, once the sync has happened from Okta to Infosec Accounts, it will be synced to Infosec IQ. To manage how these users are converted to learners and to ensure that users are permanently deleted to free up licenses, see our article about the receiving end of learner syncs, Learner Sync Documentation.