SCIM Configuration for Okta¶
This section explains how to configure SCIM provisioning using Okta.
Note
Before configuring SCIM provisioning with Okta, you must configure Okta as the IdP for your Agora organization.
Log into Okta as an administrator.
Go to Applications > Create App Integration.
Select SAML as Sign-in method. OpenID Connect (OIDC) integration is not currently supported for SCIM provisioning by Okta.
Configure the new application ignoring the SSO configuration or filling mocked one. This is a provisioning-only app which does not need to be configured for SSO login.
Save the application
Go to General tab and Edit the App Settings to Enable SCIM provisioning. Then the Provisioning tab will appear.
Go to Provisioning tab and Edit it.
In SCIM connector base URL, enter the the SCIM API Base URL copied from SCIM settings in Agora.
Configure the email as Unique identifier field for users.
Select the HTTP Header as Authentication mode and paste the SCIM token with the one copied from SCIM settings in Agora.
Test connector configuration, if the connection was successful Save it
Reload the Provisioning tab to display additional settings
Click Provisioning to App to configure the behavior when pushing Okta changes to Agora. Enable Create users, Update user attributes, and Deactivate users.
Users and groups assigned to the SCIM application will be provisioned to the Agora organization. Note that Okta groups will be provisioned as roles in Agora, and these will be automatically assigned to the provisioned users.
Go to Applications
Click Push Groups
Click Push Groups dropdown button to select Groups to be imported as roles into Agora
Once the roles have been imported successfully, we can assign users to the Application.
Go to Applications
Click Assignments
Click Assign, then
Assign to People to assign users individually
Assign to Groups to assign the users under the selected Group