Okta Provisioning Agent (SCIM v1)

Owned by Ole Kristian Aune (Unlicensed)
Last updated: Oct 03, 2023 by Mari Fuglem
3 min read

Follow the instructions below to set up provisioning of users from Okta to JIRA using SCIM v1 through the Oktas provisioning agent. Further reading: Okta documentation.

  1. Open the Okta admin portal

    • Select Classic UI and then Applications

  2. Add new application

    • On the application page, click Add application

    • Then, click Create New App

    • Choose Web as platform and SAML 2.0 as sign-on method and click Create

    • Enter an app name in General Settings

    • Optionally upload a logo, click Next

  3. Input dummy URLs to skip SAML configuration

    • We will revisit these settings later when configuring SAML, but for now, input dummy URLs for both Single sign-on URL and Audience URI (SP Entry ID). When running the Kantega SSO Okta SAML wizard later, skip the initial app creation steps and use the app you're in the process of setting up SCIM, instead. For now, though, we'll focus on provisioning.

    • Click Next, then Finish

  4. Enable On-Premise Provisioning

    • After saving, go back to the application settings. Click edit and enable On-Premise Provisioning. Click Save. This should make the Provisioning tab appear.

    • Go to the Provisioning tab, which should now be available. Confirm that you have at least one active provisioning agent. If not, click the link and follow the instructions to install it in your environment. Finally, click Configure SCIM connector.

  5. Configure the SCIM connector

    • Oo the Provisioning tab, which should now be available. Click the Edit button to configure the SCIM connection:

      • Copy the tenant URL to the SCIM connector base URL field

      • Select HTTP header authorization

      • Type in Authorization as the header name, then Bearer <secret> as the value.

      • Type in userName in the Unique user field name

      • Select the agents you want to use.

    • You should end up with something like this:

    • Click Test Connector Configuration, then Save

  6. Configure To App settings

    • In the To App settings, enable Create Users, Update User Attributes, and Deactivate Users. Leave Sync Password unselected. You should not need to change the user mapping settings on this screen.

    • Click Save

  7. Configure Push Groups

    • At this point, any user or group assigned to the SCIM application in Okta will be provisioned to JIRA. However, you still need to explicitly specify the groups to provision. To do this, navigate to the Push Groups tab and click the green Push Groups button. Either add groups by name or create a rule. In the screenshot, we have added three groups by name. You can either push immediately or manually activate each group when you're done. In the screenshot, you can see that one group has been activated.

    • SCIM should now be configured and working