...
To provision users from Okta to Atlassian Jira, Confluence and Bitbucket Datacenter and Server host products with KSSO (Kantega SSO).
Prerequisites
To enable SCIM provisioning, you need to first create an SSO integration that supports the SCIM provisioning option. After that integration is available, then you can enable the SCIM option and configure the settings specific to your SCIM application.
To begin the SCIM configuration, select Cloud user provisioning in Kantega SSO/your Atlassian application. Then select Okta under the SCIM header from the Add directory dropdown.
...
Step 1 Network preparation
To provision users and groups with SCIM, your identity provider must be able to reach SCIM endpoints in your Atlassian application (ie Jira). You will need to provide a https URL with a valid certificate.
...
Step 2 Tenant configuration
SCIM users will be stored in a separate user directory in JIRA. Each directory has a unique tenant ID and URL used by the provider to push updates.
...
Application secret is used to configure the identity provider later. Use the suggested value or create your own.
Click Next.
...
Step 3 Configure SCIM in Okta
You will use these values when configuring Okta
...
Click Finish and switch to Configuration steps in Okta.
...
Supported features
The following provisioning features are supported by Kantega SSO:
...
Push Groups: Groups and their users in Okta can be pushed to Kantega SSO.
Configuration steps in Okta
Add integration
Navigate to SCIM 2.0 Test App (OAuth Bearer Token) https://www.okta.com/integrations/scim-2-0-test-app-oauth-bearer-token/ and click on “Add Integration”
Enter an appropriate “Application label” in General Settings and click Done.
Enable provisioning
Go to the Provisioning tab and Click the button Configure API Integration
Enable API integration
Check “Enable API integration”
Copy the “SCIM on base URL” from the Kantega SSO SCIM wizard into the SCIM 2.0 Base URL field
Copy the “Tenant ID“ from the Kantega SSO SCIM wizard into the Username field
Copy the Application secret from the Kantega SSO SCIM wizard into the Password fieldCheck Import Groups?
Click the button Test API integration. If the entered API credentials are correct, then a success message is displayed then click Save.
Configure To App settings
In the To App settings, enable Create Users, Update User Attributes, and Deactivate Users. Leave Sync Password unselected. You should not need to change the user mapping settings on this screen.
Configure Assignments
Now set up what groups/users should be synchronized.
Press the Assignments tab. Then press Assign and either add people or groups. You may then select the group Everyone to get all people in Okta synced over SCIM to your Atlassian product. Follow the Assign steps and press Save and Go Back, click the Done button in the end.
Configure Push Groups
At this point, any user or group assigned to the SCIM application in Okta will be provisioned to Jira, Confluence or Bitbucket. However, you still need to explicitly specify the groups to provision.
To do this, navigate to the Push Groupstab and click the Push Groups button. Either add groups by name or create a rule.
SCIM should now be configured and working and both assigned users and also the specified groups should be pushed by SCIM to Kantega SSO.
SP-initiated SSO
Users can sign in with Okta from Kantega SSO through an Identity Provider created in Kantega SSO. See our Setup guide for creating Identity Providers in Kantega SSO Okta | SAML
Troubleshoot
N/A