Configuring SCIM in Okta

Katrin Geske
Katrin Geske
  • Updated

1. Introduction

babelforce offers a System for Cross-domain Identity Management - SCIM - endpoints that can be used with any user management system that supports this protocol. However, since all those systems have slightly different assumptions about details in the SCIM protocol we can only guarantee out-of-the-box functionality for the system we have tested.


Supported Systems we tested with:

  • Okta
  • Entra

2. Okta

Disclaimer: This integration requires certain prerequisites to work, if you are already a babelforce customer contact support@babelforce.com to learn more.

2.1. Features

  • Create Users: Users in Okta that are assigned to the babelforce.com SCIM application are automatically added to your babelforce account.
  • Update User Attributes: When user attributes are updated in Okta, they will be updated in babelforce.
  • Deactivate Users: When users are deactivated in Okta, they will be removed from your babelforce account. This prevents users from logging in to your babelforce account.

2.2. Requirements

The babelforce SCIM integration is currently only available for enterprise customers. If you want to upgrade to a enterprise plan please reach out to your Account Executive.

On babelforce side, there is currently nothing to configure for SCIM. With Okta it should work out of the box when using the babelforce.com SCIM application from the Okta integration network and following the Step-by-step configuration instructions.

2.3. Step-by-step configuration instructions

1) Go to  “Applications” > “Browse App Integration Catalog

 

1_find_app.png

2) Select babelforce.com and press "Add Integration"

2_add_integration.png

3) Enter a name for the application for e.g. "babelforce.com SCIM"

3_add_babelforce_com.png

4) Go to "Provisioning" tab -> "Integration" and enter the environment-specific integration "Base URL" and your account-specific "API Token"

4_add_credentials.png

5) Go to "Provisioning" -> "To App" -> "Provisioning to App" and press "Edit"

  • Enable "Create Users", "Update User Attributes", "Deactivate Users"
  • Press "Save"

5_config_to_app.png

6) Go To "Assignments" -> press "Assign" -> "Group"/"User" to add groups or users to provision via SCIM

 

6_Go_to_assignments.png

7) Assign a "Group" e.g. "Test Group"

  • Press "Assign" to assign babelforce roles to a group in Okta.

7_Assign_a_group.png 

8) Assign babelforce roles to the "Test Group" in Okta

  • All users in the "Test Group" will be created as "Managers" in babelforce. For more information on what the roles in babelforce mean, see also role management in babelforce.

8_Assign_roles.png

9) On the "Assignments" tab you will be able to see all users that are individually assigned or assigned via a group in your Okta account.
9_see_assignments.png

2.4. Troubleshooting, Known Issues, and Tips

  • To use the SCIM integration with Okta, you need to select Email for the application username format on the Sign On application tab in Okta.
  • Groups cannot be pushed to babelforce.
  • babelforce is handling all email addresses as a lower case
    • if you transmit emails in any other case babelforce will always return them in lowercase only.
  • babelforce does not require a first and lastname, users created in babelforce will return those SCIM name properties as "none". Users created on the Okta side will return the first and lastname set in Okta. First and lastname will not be visible anywhere in babelforce except for agents.
    • mceclip0.png
  • if a user on babelforce.com has no roles, it will be deleted unless it is assigned to multiple tenants (cross-tenant user).
    • to prevent that you can select a default fallback role in babelforce, which will be applied if no roles are submitted.
  • If you supply phone numbers via SCIM the phone number will be attached to the user in babelforce if the user has the role agent.
    • If no phone number is transmitted, nothing will happen to the agents telephone number in babelforce.
    • If a primary phone number is present it will be attached to the agent it has priority.
    • If any phone number is present, but no primary phone number it will be attached to the agent.
  • okta does not delete users in SCIM applications, it performs a soft delete instead. 
  • Settings on babelforce
    • when using SCIM with Okta the following settings in babelforce are recommended
    • Roles  (mapping) -> enabled
    • Groups  (mapping) -> disabled
    • Default roles(s) -> empty
    • Password synchronization -> disabled
    • Telephone number synchronization -> disabled

Screenshot 2024-11-08 at 10.01.06.png

Related to

Was this article helpful?

/

Comments

0 comments

Please sign in to leave a comment.