Configuring SCIM User Provisioning with Okta

The Clumio service can integrate with Okta for SCIM provisioning. This article describes the steps to configure SCIM provisioning with with Okta.

Prerequisites

Supported features

  • Push users
  • Update user attributes
  • Deactivate users
  • Push Groups

Clumio does not currently support the following Okta provisioning features:

  • Remove users
  • Sync password
  • Enhanced group push

Configure SCIM provisioning

In Okta

  1. Open the Okta Admin console.
  2. Go to Applications > Clumio.
  3. On the Sign On tab, ensure that Application username format is set to Email.
  4. Navigate to the Provisioning tab, and click Configure API Integration.
  5. Check Enable API Integration.
  6. Get the SCIM Connector Base URL, and the SCIM API token from Clumio (See step 5), and copy it here.
  7. Under Provisioning to App settings, enable Create Users, Update User Attributes, and Deactivate Users .
  8. Next, you need to push groups. Navigate to the Push Groups tab.
  9. Push the groups--including for the user currently logged in to Clumio. There are two ways of selecting groups, either by name or by using a rule.
  10. Ensure the current user’s sync was successful in the previous step.

In Clumio

  1. Log on to Clumio.
  2. Navigate to Settings > Access management > Auto user provisioning.
  3. Create a user provisioning rule, give it a name, select the conditions to apply the rule, give the group a name, select the Super Admin Role, and assign that role to an OU. See Creating a user provisioning rule for details.
  4. Click Configure SCIM.
  5. Copy the SCIM base URL, generate and download the SCIM API token. These will be needed for the IdP side setup. Once done, click Close.
  6. Click Provisioning method (optional), and enable the toggle for SCIM provisioning.
  7. Ensure that the logged-in user is a part of the group that is assigned the Super Admin role, and groups have been pushed from Okta (see step 14 above).
  8. Click Enable Auto User Provisioning.
  9. You can now create additional rules per your requirements by clicking Create Auto User Provisioning Rule.

Once Auto User Provisioning is enabled, all users are evaluated per the rules you created and any changes to users within Okta are automatically reflected in Clumio.