How to Set Up SCIM and Role Provisioning for Okta

This guide walks you through configuring SCIM and role provisioning between Okta and your organization to automate user management and streamline access control. Prior to starting, verify that your organization’s Single Sign-On (SSO) configuration is complete.

Supported Features

The following features are currently supported by your organization:

• Push Users
  Users in Okta who are assigned to the your organization application are automatically created as users in your organization.
• Push Profile Updates
  When user attributes are updated in Okta, those changes are automatically reflected in your organization.
• Deactivate Users
  When users are deactivated or removed from the SCIM application in Okta, they are deleted from your organization, preventing login access and freeing up a user license.

SETTING UP SCIM PROVISIONING

Adding the Integration

1. First, in the Okta Admin Console, click on Applications in the sidebar on the left side of the screen.
2. Then, in the Applications dropdown, select Applications.

3. Next, click on the Browse App Catalog.

4. Now, search for Jotform and click on it.

5. Click on Add Integration.

6. Enter an Application label and your Jotform URL.

7. Finally, click on Done.

8. In your Admin Console, in the left menu, click on Security.
9. Then, under Single Sign-On (SSO), toggle on SCIM Provisioning if it is not already turned on.

10. Select Yes, Generate Token.

11. Then, copy the token.

12. Paste the token into API Token and click on Save.

Managing Provisioning Settings

After saving your SCIM connection, the Provisioning tab will open. On this page, you can configure how user accounts are created, updated, and removed in your organization.

1. First, in the Provisioning to App, click on Edit.

2. Next, enable Create Users, Update User Attributes and Deactivate Users.
3. Finally, click on the Save button.

Assigning Users

You can assign either individual users (People) or entire Groups to your organization from the assignments tab.

Assigning People

1. First, in the Assignments tab, click on the Assign dropdown on the left side of the screen.
2. Next, select Assign to People.

3. Then, click on the Assign button on the right side of the person you want to assign.

4. Finally, fill in the blanks below and click on Save and Go Back.

Assigning Groups

1. First, in the Assignments tab, click on the Assign dropdown on the left side of the screen.
2. Next, select Assign to Groups.

3. Then, click on the Assign button on the right side of the group you want to assign.

4. Finally, scroll down and click on Save and Go Back.

Removing Users

You can also unassign people or groups to automatically deactivate or remove their accounts from your organization.

Removing People

1. First, in the Assignments tab, under Filters, select People. 
2. Now, click on the X icon on the right side of the person you want to remove.

3. Finally, click on OK.

Removing Groups

1. First, in the Assignments tab, under Filters, select Groups. 
2. Now, click on the X icon on the right side of the group you want to remove.

3. Then, click on OK.

After provisioning, affected users will be created or deleted from your server.

SETTING UP SCIM ROLE PROVISIONING

To specify users’ roles in your organization, a new attribute needs to be added to your IDP.

Please follow the steps below to add the attribute and define user roles.

1. First, in the Okta Admin Console, in the sidebar on the left side of the screen,click on Directory.
2. Next, in the Directory dropdown, select Profile Editor.

3. Now, click on the corresponding profile.

4. Then, on the next page, under Attributes, click on Add Attribute.

5. Now, copy the below and paste the following into the appropriate fields:
   Display name: Roles
   Variable name: jotform_user_role
   External name: jotform_user_role
   External namespace: urn:ietf:params:scim:schemas:core:2.0:User

6. Then, check the Define enumerated list of values checkbox and fill in the fields as below:

7. Next, select the Attribute type.

Note: You can only assign roles that are defined as personal to individual users and as group roles to groups. Personal roles can be applied when assigning People, while group roles can only be applied when assigning Groups.

8. Finally, click on Save.

After adding and saving the attribute, you can now assign roles to users or groups directly from your SSO application in Okta. Please note that you should unassign the person first if you want to switch the role.

1. First, in the Okta Admin Console, in the sidebar on the left side of the screen,  click on Applications.
2. Next, in the Applications dropdown, select Applications.

3. Then, click on the SAML application you created for the SSO.

Assigning People

1. First, in the Assignments tab, click on the Assign dropdown on the left.
2. Next, select Assign to People.

3. Then, click on the Assign button on the right side of the person you want to assign.

4. Now, scroll down to the Roles dropdown and select the role for the user. 
5. Finally, click on Save and Go Back.

Assigning Groups

1. First, in the Assignments tab, click on the Assign dropdown on the left.
2. Next, select Assign to Groups.

3. Then, click on the Assign button on the right side of the group you want to assign.

4. Now, scroll down to the Group Roles dropdown andselect the role for the group.

5. Finally, click on Save and Go Back.