ScreenSteps

Configuring SCIM with Okta

Updated

Prerequisites

Before you configure provisioning for ScreenSteps in Okta, make sure that you have configured your Single Sign-On options in ScreenSteps.

Features

The following provisioning features are supported:

  • Push New Users
    • New users created through OKTA will also be created in the third party application.
    • The default timezone for new users will be the account time zone (set in your ScreenSteps account settings).
    • The default User type will be set to reader if no User type is set.
  • Push Profile Updates
    • Updates made to the user's profile through OKTA will be pushed to the third party application.
  • Push User Deactivation
    • Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in the third party application.
  • Push Groups
    • Groups and their members can be pushed to remote systems.
  • Reactivate Users
    • User accounts can be reactivated in the application.
Known Issues/Troubleshooting

If you enter an incorrect User type in Okta the error message you will receive will not be very specific. It may only say:

Bad Request: Errors reported by remove server.

If you see this error, please make sure that you have set the User type to one of:

  • admin
  • editor
  • reader

Configuration Steps

1. Add the ScreenSteps App

Search for ScreenSteps in the App directory and select Add.

ScreenSteps - Applications

Enter your ScreenSteps account name (from your ScreenSteps URL) in the Site Name field and then select Done.

2. Enter your ScreenSteps API Token and SCIM URL

Get the SCIM URL and API Token from ScreenSteps

Account > API Tokens

Get an API token

  1. If you don't already have an API token select Create API Token
  2. Copy the token

Enter Credentials in Okta

  1. Go to Provisioning in the ScreenSteps App
  2. Select Configure API Integration
  1. Select Enabled API Integration
  2. Enter the ScreenSteps API Token in the OAuth Bearer Token field
  3. Select Test API Credentials

If the test succeeds then select Save. If it does not succeed then make sure that you copied the correct values from ScreenSteps.

3. Enable Provisioning from Okta to ScreenSteps

In the To App settings select Edit.

Check the boxes for:

  • Create Users
  • Update User Attributes
  • Deactivate Users

Leave Sync Password disabled.

Then select Save.

4. Optional: Set default User Type for Groups

If you set a User Type for a group, then any user that is added to that group will have their role updated in ScreenSteps. Available roles are:

  • admin
  • editor (labeled as "Contributor" in the ScreenSteps application)
  • reader (default)

You may see the "learner" option in Okta, but this role has been deprecated in ScreenSteps.

If a user belongs to more than one group only one role value will be updated in ScreenSteps. The value updated is determined by the priority levels of the groups (see Okta's documentation for more information). The first group a user belongs to is the value that will be updated in ScreenSteps.

Select Directory > Groups

Select Group

Edit App

  1. Select Applications
  2. Select the edit icon for the ScreenSteps app

Set the User type

  1. Enter a value of admin, editor, or reader (Time zone is not required).
  2. Select Save
5. Optional: Set up Group Push

Group Push is an Okta feature that lets you push existing Okta groups and their memberships to ScreenSteps. To learn more about this feature please refer to About Group Push in Okta's documentation.

5.2. Select "Find groups by name" from the "Push Groups" menu

5.3. Search for the group you would like to push to ScreenSteps

5.4. Save

If the default settings look correct then click the Save button.

The group will be added to the list of Pushed Groups and will perform an initial sync.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Previous Article How to Use the SCIM User Provisioning API
Next Article Setting Up Your Application to Use ScreenSteps Remote Authentication (Not SAML)
Still Need Help? Contact Us