Provisioning users with Okta

Scenario: You use Okta as an IdP and want to provision users into Clumio directly using Okta Groups. 

Prerequisites:

  • The individual setting up must have Super Admin access to Clumio and Admin access to the Okta portal.
  • The individual must be a part of a group that gets Super Admin access within Clumio.

Setup

To enable Super Admin and Admin access, do the following:  

  1. Log on to Okta and navigate to Applications > Clumio.
  2. Under the Sign On settings tab, click Edit and expand Attributes.
    Screen_Shot_2022-09-12_at_10.22.21_AM.png
  3. Add the following to the "Attribute statements" and the "Group Attribute statements" respectively:
NameFormatFilterValue
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameUnspecifiedN/Auser.firstName
http://schemas.xmlsoap.org/claims/GroupUnspecifiedMatches regex.*

Screen_Shot_2022-09-12_at_10.59.14_AM.png

  1. Under the Assignments tab, click Assign > Assign to Group and assign the app to the groups you want.
    Note: At least one group must have the current user as a member, and this group will get Super Admin permissions within Clumio.
  2. Next, log on to the Clumio portal and navigate to Settings > Access Management > Auto user provisioning

Screen_Shot_2022-09-12_at_2.12.50_PM.png

  1. Click Get Started and type a rule name, select the conditions to apply the rule, give the group a name, select the Super Admin Role, and assign that role to an OU.
    Screen_Shot_2022-09-12_at_10.51.50_AM.png
  2. Ensure that the logged in user is a part of the group that is assigned the Super Admin role.
  3. Once the first rule has been created, click Enable Auto User Provisioning.
    Screen_Shot_2022-09-12_at_11.46.16_AM.png
  4. You can now create additional rules per your requirements by clicking the Create Auto User Provisioning Rule button

Once Auto User Provisioning is enabled, all users are evaluated per the rules you created.